Viewerframe Mode Refresh Patched -

Feature: Patched ViewerFrame Refresh Mechanism

The "Patched" Difference: Technical Implementation

Production switchers use viewerframes for multiview monitoring. If a mode refresh fails, a director might see a "frozen" preview of a camera that is actually live, potentially broadcasting the wrong source.

The exploit leverages the logic flow of the legacy CGI script. The code prioritizes the "refresh" action (intended for updating the image in a browser client) over authentication checks. viewerframe mode refresh patched

Site Isolation

The primary reason for the patch was . Modern browsers (Chrome, Firefox, Safari) have moved toward a model where every site is isolated into its own process. The "ViewerFrame Mode" created a loophole where cross-origin data could potentially leak during the refresh state. The code prioritizes the "refresh" action (intended for

async activateMode(newMode: Mode) const epoch = ++this.modeEpoch; if (this.activeMode) await this.activeMode.teardown(); The "ViewerFrame Mode" created a loophole where cross-origin

The Bug: When Mode Refresh Fails

Timing Checks

: A mandatory delay and verification cycle were added to the refresh logic to prevent "frame-stacking" exploits. Current Status