Closed Bug 1221681 Opened 9 years ago Closed 9 years ago

Performance APIs reveal cross-origin URLs

Categories

(Core :: DOM: Core & HTML, defect)

45 Branch
All
Windows 7
defect
Not set
normal


RESOLVED DUPLICATE of bug 1185256

People

(Reporter: chromium.khalil, Unassigned)

Details

It is possible to read x-domain URLs after a redirect if the page can be iframed. I think this is a violation of the SOP and could be used to steal sensitive data from several pages.

If http://victim/ redirects to http://victim/?secret, an attacker can iframe the first page and obtain the "secret" of the second one.

The exploit abuses what seems to be a bug in performance.getEntries() when dealing with cached pages.


PoC: 

http://vwzq.net/lab/xreadurl/
Group: firefox-core-security → core-security
Component: Preferences → DOM
Product: Firefox → Core
This has been fixed already in Nightly and Developer Edition, not yet released to public.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Group: core-security
Component: DOM → DOM: Core & HTML