Closed
Bug 246519
Opened 20 years ago
Closed 20 years ago
Cookies should not be sent on scripting-induced cross-site POSTs without user intervention
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 246476
People
(Reporter: tthurman, Assigned: dveditz)
References
(Blocks 1 open bug, )
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040207 Firefox/0.8 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040207 Firefox/0.8 When an HTML form is submitted using JavaScript, and its action parameter gives a URL on another site, cookies for that site should be sent along with the POST either only with user confirmation or not at all. Many sites use cookies for authentication. Thus, it's possible to put a malicious script on another site which does not need to know any details about the user in order to submit an authenticated form to the first site. Over the last couple of days, this exploit has been used to spread a couple of posts virally across livejournal.com. One of these said simply "this is interesting" with a link. The link went to a page which contained a script which used this exploit in order to submit a journal entry on the journal of the person currently logged in. Thus when people saw the entries on their friends' journal pages and clicked the link, they spread the "virus" to their own pages. This outbreak was relatively benign, but far more serious attacks are clearly possible. Reproducible: Always Steps to Reproduce:
Comment 1•20 years ago
|
||
See also bug 246476. It is the same subject, but there a restriction on javascript form submission is asked.
Reporter | ||
Comment 2•20 years ago
|
||
Oh, well spotted.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•20 years ago
|
Status: RESOLVED → UNCONFIRMED
Resolution: FIXED → ---
Reporter | ||
Comment 3•20 years ago
|
||
*** This bug has been marked as a duplicate of 246476 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•