Closed
Bug 1148402
Opened 10 years ago
Closed 10 years ago
window opener bug issue allowing redirect to malicious sites
Categories
(Firefox :: Untriaged, defect)
RESOLVED
INVALID
People
(Reporter: monosec15, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36
Steps to reproduce:
To reproduce the issue send this link in a blog EX : https://blog.mozilla.org/addons/2015/03/25/your-design-printed-on-our-next-t-shirt/comment-page-1/#comment-214559 : http://likestest.comxa.com/landpage.php.htm
As long as they click the link, their other tabs of the Mozilla Firefox page will be redirected to my Twitter account. This is used in a benign way till now, but what if it redirected to an identical Mozilla scam page to log in and then steal the credentials? This bug happens because the tabs are opened using target="_blank".
P.S. You need to have another Mozilla blog tab open, because the link, when clicked, redirects in the same page and doesn't open in a new tab, so you need another tab.
Actual results:
It redirected to my Twitter account
Expected results:
Redirection to my twitter account
I can't reproduce the issue, the comment has been deleted.
Anyway, if your computer is affected by malware, see https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
To reproduce, add a comment in the support forum with this link, then click.
http://likestest.comxa.com/landpage.php.htm
THANKS
Check what? It's POC to hijack Twitter account. No need to spread these links.
Guys, do you even care to pay attention to what this bug is? It's reverse tabnabbing: the changing of URLs to my Twitter account happens because the window.opener property is not set to "null", so I am able to control previous Mozilla tabs through this script: window.opener.location.replace(URL). In my case the URL is a Twitter account. Not "hijack Twitter accounts"? The URL could have been any site, and in the case of a malicious attack it could be an identical Mozilla login scam page. So someone investigate the issue, thankfully.
So the link I add in the comments contains the following code:
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8">
<script>
window.opener.location.replace('http://www.twitter.com/zeyadk99');
</script> </head><body>Your initial tab became my twitter :D<br>
</body>
</html>
As you can see, the code responsible for bringing up my Twitter account is window.opener.location.replace('http://www.twitter.com/zeyadk99');
I hope the PoC is clear.
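The redirect in the PoC above depends on the page opened via target="_blank" receiving a non-null window.opener. As an added example (not part of the original bug report and not Mozilla's code), this JavaScript sketch shows one site-side mitigation: adding rel="noopener noreferrer" to new-tab links in comment HTML before rendering. The helper names and the sample comment are assumptions constructed here.

```javascript
// Added example: hardening user-submitted comment HTML against the
// window.opener redirect described in this bug. Helper names are hypothetical.
// Regex matching keeps the sketch short; a real sanitizer should use an HTML parser.
const ANCHOR_TAG = /<a\s[^>]*>/gi;
const TARGET_BLANK = /\starget\s*=\s*(?:"_blank"|'_blank'|_blank\b)/i;
const REL_ATTR = /\srel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

// Constructed sample comment: two new-tab links and one same-tab link.
const SAMPLE_COMMENT =
  '<p>Nice post! <a href="https://example.test/landing" target="_blank">my design</a> ' +
  '<a href="https://example.test/b" target=_blank rel="nofollow">more</a> ' +
  '<a href="/addons/">same tab</a></p>';

// Returns the rel tokens of an anchor tag, or null when it has no rel attribute.
function relTokens(tag) {
  const m = REL_ATTR.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]).toLowerCase().split(/\s+/).filter(Boolean) : null;
}

// True when a new-tab link carries no rel token that nulls window.opener.
function exposesOpener(tag) {
  if (!TARGET_BLANK.test(tag)) return false;
  const rel = relTokens(tag) || [];
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Adds noopener/noreferrer to an exposed anchor, keeping any existing rel tokens.
function hardenAnchor(tag) {
  if (!exposesOpener(tag)) return tag;
  const rel = relTokens(tag);
  const value = `rel="${[...(rel || []), 'noopener', 'noreferrer'].join(' ')}"`;
  return rel ? tag.replace(REL_ATTR, ` ${value}`) : `${tag.slice(0, -1)} ${value}>`;
}

// Rewrites every anchor in a comment body before it is rendered.
function hardenBlankTargets(html) {
  return html.replace(ANCHOR_TAG, hardenAnchor);
}

// Audit helper: lists anchors that would still hand window.opener to the target.
function findExposedAnchors(html) {
  return (html.match(ANCHOR_TAG) || []).filter(exposesOpener);
}

console.log(hardenBlankTargets(SAMPLE_COMMENT));
```

With rel="noopener" on the link, window.opener is null in the opened page, so the PoC's window.opener.location.replace(...) call throws instead of navigating the original tab.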
Comment 10 (Reporter) • 10 years ago
yes.
Comment 11 • 10 years ago
Mistakenly filed against Firefox 38 and should be instead 38 Branch. Sorry for the spam. dkl
Version: Firefox 38 → 38 Branch