Open
Bug 1256047
Opened 8 years ago
Updated 2 years ago
Firefox allow site to change parent window
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: strelkov355, Unassigned)
Details
(Whiteboard: btpp-followup-2016-04-11)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.7.0 Build ID: 20160308234001 Steps to reproduce: 1) Setup Debian Sid. 2) Open Iceweasel. 3) Search "site:justporno.tv Dont be shy its just porn" in Google. Searching text don't matter. You just need get link to justporno.tv domain (not to xxx.justporno.tv subdomain). 4) Open first result in justporno.tv domain. Actual results: justporno.tv opened in new tab. Good. Tab with Google redirected to justporno.tv. If I'm just create new tab and input justporno.tv address to it, this problem don't appear. For get this result second time, you need clear cookies. Expected results: justporno.tv must don't have access to Google tab.
Comment 1•8 years ago
|
||
The behaviour of opening in a new tab *and* opening in the existing tab seems odd. Does this reproduce with a clean profile?
Flags: needinfo?(strelkov355)
Updated•8 years ago
|
Whiteboard: btpp-followup-2016-04-11
(In reply to Andrew Overholt [:overholt] from comment #1) > The behaviour of opening in a new tab *and* opening in the existing tab > seems odd. > > Does this reproduce with a clean profile? I'm remove add-ons (NoScript and TabMix), result the same. Yes, it's very odd.
Flags: needinfo?(strelkov355)
Comment 3•8 years ago
|
||
I can't reproduce with "site:stackoverflow.com html" as my search query. This feels like a site bug or maybe some add-on you don't know you have? I'm not sure there's much else we can do if reproduction isn't possible.
Flags: needinfo?(strelkov355)
(In reply to Andrew Overholt [:overholt] from comment #3) > I can't reproduce with "site:stackoverflow.com html" as my search query. "Search "site:justporno.tv Dont be shy its just porn"...". This bug appear only in justporno.tv site. Or, more like, justporno.tv use some strange vulnerability. > This feels like a site bug or maybe some add-on you don't know you have? I'm also testing this bug in Debian Mate 8.3 Live CD (amd64 platform). Yes, I'm sure that official LiveCD can't contain any odd add-ons.
Flags: needinfo?(strelkov355)
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•