Comment 0 for bug 697451

Jonathan Wiltshire (jwiltshire) wrote :

Binary package hint: mediawiki

A clickjacking vulnerability was reported in MediaWiki [1]. This could allow a
malicious web site to compromise the account of the user visiting a
MediaWiki-based web site (an attack similar to cross-site scripting). For full
protection, a user needs to be using a browser that supports the
X-Frame-Options feature [2].

MediaWiki 1.16.1 [3] has been released to correct this flaw. For MediaWiki
1.15.x and earlier, a patch [4] is available which denies all framing.

[1] https://bugzilla.wikimedia.org/show_bug.cgi?id=CVE-2011-0003
[2] https://developer.mozilla.org/en/the_x-frame-options_response_header
[3] http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_1/phase3/RELEASE-NOTES
[4] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/79566