Closed
Bug 115823
Opened 23 years ago
Closed 23 years ago
JavaScript vulnerability allows browser to be closed without prompt
Categories
(Core :: Security, defect)
Tracking
()
People
(Reporter: gwagner, Assigned: security-bugs)
References
()
Details
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) BuildID: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.6+) Gecko/20011217 The following code allows the main parent browser window to be closed without the user being prompted, even if the main parent browser window has history. Under normal circumstances, JavaScript can't close the main parent browser window without the user being prompted (as long as the window has history). The code below that allows this should be trapped and Netscape should prevent this from occurring since it would allow sites to mess with the user's browser. <html><head> <title>SBB AE 7/14</title> <script language="JavaScript" type="text/javascript"> if(window.name!='VW'){ window.opener=self; // for at undgå advarslen "Vil du lukke vinduet?" newwin=window.open(self.location,'VW','menubar=no,' +'resizable=no,status=no,scrollbars=no'); window.close(); // lukker det oprindelige vindue } </script> <script language="JavaScript" type="text/javascript"> <!-- function closeWindow(){ setTimeout('close()', 30000);//lukker vinduet efter 30 sekunder } //--> </script> <style type="text/css"> body {background-image: url(ae714.jpg)} h2 {color: red; position: absolute; top: 300px; left: 205px} </style> </head><body onload="closeWindow(); window.resizeTo(536,361),moveTo(200,200)"> <h2>SBB Ae 7/14 - Schwitzerland</h2> </body></html> Reproducible: Always Steps to Reproduce: 1. copy and paste the above code into a new HTML document 2. visit several pages to create history 3. visit the page you created in step 1. Actual Results: A new window is opened and the main browser window opened by the user is closed without the user being prompted. This results in the user being left with a small window with no chrome, and no way to navigate away from the page/image forced by the website. The user has no choice but to close this window manually and open a new browser window to continue surfing. Expected Results: The user should be prompted whether they want to close the window they opened manually as long as that window has history. If you perform the same steps in Netscape 4.78, you are prompted whether you want to close the browser window you opened and were using to browse (although it is still resized).
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 1•23 years ago
|
||
*** This bug has been marked as a duplicate of 32571 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•