If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Window spoofing security bug

VERIFIED INVALID

Status

Camino Graveyard
General
--
major
VERIFIED INVALID
16 years ago
15 years ago

People

(Reporter: Stephane Moureau, Assigned: saari (gone))

Tracking

Details

(URL)

(Reporter)

Description

16 years ago
This exploit seems to work in Chimera and Mozilla. It think it also affect/block
Chimera because I had to quit to enter this bug a second time, I had tested it
while writing in another window.
Click on the "Follow this link..." on that page, wait until you see a message in
new page contents "Look at location bar". The location will be:
Chimera 20020625 : "wyciwyg://0/http://guninski.com/b14.html"
Mozilla 1.1a : "http://guninski.com/b14.html"
MSIE 5.2 intercepts it and shows 2 alerts.

Comment 1

16 years ago
Confirmed using both Chimera/20020625 and FizzillaCFM/2002062203. The exploit
seems to work in both, except Chimera prefixes the URL with "wyciwyg://0/" as
described.

Should this get sent over to Browser/Security?
Severity: normal → major
Summary: URL spoofing in javascript → Window spoofing security bug
eek
I tried the page above. On Mozilla 1.0, I see http://guninski.com/b14.html,
which is what I expect to see. The bug was about URL spoofing - where the URL
bar says www.yahoo.com, but the page displayed is not yahoo.com. That's not what
happens here, so I believe the bug has already been fixed.

On yesterday's trunk (debug) build, the example page crashes on load, before the
exploit script ever runs. It's crashing at nsHTMLContentSink.cpp:1921, in debug
code. While this needs to be looked at, I don't think it's a serious security
problem.

I don't have a copy of Chimera to test, but the fact that we're seeing wyciwyg:
URLs in the URL bar is probably bad - there was a bug on that in Mozilla. 
(Assignee)

Comment 4

16 years ago
okay, sounds like this isn't an issue and we're doing what we expect
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → INVALID
okidokes.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.