Closed
Bug 1215904
Opened 9 years ago
Closed 9 years ago
window.open allows opening content from private browsing mode in normal mode window
Categories
(Firefox :: Private Browsing, defect)
RESOLVED
DUPLICATE
of bug 1100154
People
(Reporter: jarmo.lahtiranta, Unassigned)
Details
(Keywords: sec-low)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.19 (Edition beta)
Steps to reproduce:
1. Open the same website in two windows: private browsing mode and normal mode
2. Click a link with window.open so that you get a popup window.
3. Click the same link in another window.
Actual results:
The page from the second link opens in the same window as the first link. If the first link was in private browsing mode, the second link is opened in the same mode. If the first link was in normal mode, the link is opened in normal browsing mode too.
This allows the attacker to break out of the private browsing mode, because he can send arbitrary data as GET parameters and identify the user that way.
POC will be available for a while at http://ka.tunk.org/breakout.php
Expected results:
A new popup window should be opened after the second click, and it should be in the same mode as the window where it was clicked.
Reporter
Updated•9 years ago
Comment 1•9 years ago
I can reproduce on 42 beta but not on 44 (nightly). I expect this is a duplicate of bug 1100154 which was fixed in Firefox 43. Josh, can you confirm?
Flags: needinfo?(josh)
Updated•9 years ago
Component: Untriaged → Private Browsing
Comment 2•9 years ago
Ehsan, can you answer comment #1?
(In reply to :Gijs Kruitbosch from comment #1)
> I can reproduce on 42 beta but not on 44 (nightly). I expect this is a
> duplicate of bug 1100154 which was fixed in Firefox 43. Josh, can you
> confirm?
Flags: needinfo?(ehsan)
Comment 3•9 years ago
Yeah this is the same.
Also this shouldn't be a security sensitive bug, but I don't have access to open it up.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(josh)
Flags: needinfo?(ehsan)
Resolution: --- → DUPLICATE
Updated•9 years ago
Group: firefox-core-security