Closed Bug 1692654 Opened 4 years ago Closed 4 years ago

SameSite cookie Reader View bypass

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1692655

People

(Reporter: whoismath, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

files.zip 4 years ago Matheus Vrech 1.50 KB, application/zip		Details

Matheus Vrech

Reporter

Description

•

4 years ago

Attached file files.zip — Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0

Steps to reproduce:

Go to https://abrasax.club/readcookie.html
Click anywhere in the page to open another tab.
Click in Reader View icon.
Wait 15 seconds until the new tab is redirected to about:blank
Wait 4 seconds more to be redirected back to Reader View.
Reader View will render meta redirect page and SameSite cookie will be bypassed.

Actual results:

SameSite cookie is sent when Reader View is reloaded with a meta redirect.

Expected results:

SameSite cookie not sent.

Flags: sec-bounty?

:Gijs (he/him)

Comment 1

•

4 years ago

I assume this is the same as 1692655?

Status: UNCONFIRMED → RESOLVED

Closed: 4 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz]

Updated

•

4 years ago

Flags: sec-bounty?

Daniel Veditz [:dveditz]

Updated

•

2 years ago

Group: firefox-core-security

David Lawrence [:dkl]

Updated

•

9 months ago

Keywords: reporter-external

You need to log in before you can comment on or make changes to this bug.

Bugzilla

SameSite cookie Reader View bypass

Categories

(Firefox :: Security, task)

Tracking

()

People

(Reporter: whoismath, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type