Closed Bug 1370792 Opened 8 years ago Closed 8 years ago

CSP bypass for new window opened with middle mouse

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
53 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1296976

People

(Reporter: public, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce: Content-Security-Policy: default-src 'none' <a href="data:text/html,%3cscript%3e\u0061lert(document.domain)%3c/script%3e">data:</a> <a href="javascript:'%3cscript%3e\u0061lert(document.domain)%3c/script%3e'">javascript:</a> Press middle mouse button or CMD/CTRL/Shift + left click Actual results: New tab with alert message with opener domain, with access to cookie etc. Expected results: Chrome - Open and close new tab/CSP Error Edge - Error page/CSP Error
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Thank you for reporting this, Roman. Please send email to security@mozilla.org instead of me personally.
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.