TABNABBING
Categories: Core :: DOM: Core & HTML, defect
People: Reporter: ammu424656, Unassigned
Attachments: 1 file (4.33 MB, video/mp4)
DESCRIPTION:
When you open a link in a new tab (target="_blank"), the page that opens in the new tab can access the initial tab and change its location using the window.opener property.
IMPACT:
The redirect is made in the background, while the user is focused on another tab. This can be very dangerous: if the attacker is smart, he can easily trick the victim and take over his account through scam pages, and it can also lead to several phishing attacks.
Websites that protect themselves against this kind of attack: google.com, twitter.com (they open links in new tabs, but the window.opener property is set to null)
REFERENCES:
https://www.youtube.com/watch?v=C7_7C9EFrPM
https://hackerone.com/reports/179568
https://hackerone.com/reports/23386
POC:
I am attaching a video so that it can be understood properly.
Take a look and do the needful.
Comment 2•4 years ago
"Tabnabbing" is a known problem for web applications -- it even has a Wikipedia page -- so we don't need to hide this issue.
> When you open a link in a new tab ( target="_blank" ), the page that opens in a new tab can access the initial tab and change its location using the window.opener property.
That should no longer be true in Firefox, changed in Bug 1522083 (though more edge cases are being worked on under its parent bug). Do you have a testcase that shows this problem? In the movie you're using one treeherder same against another, but those are same-origin and don't exactly demonstrate an attack.
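An added example, not part of the bug report or of Firefox's code: a site-side audit for the exposure described above. It flags `target="_blank"` links that carry neither `rel="noopener"` nor `rel="noreferrer"` (one markup-level way to get a null `window.opener`) and rewrites them; the function names and the sample markup are assumptions made for this illustration.

```javascript
// Added example (not from the bug report): audit markup for tabnabbing exposure.
// Regex-based, so it assumes well-formed <a> tags without ">" inside attribute values.
const ANCHOR_TAG = /<a\b[^>]*>/gi;
const REL_ATTR = /\srel(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?(?=[\s>\/])/i;

// Parse one opening tag into a lower-cased attribute-name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<a/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// True when the link opens a new tab and does not ask the browser to null window.opener.
function isOpenerExposed(attrs) {
  if ((attrs.target || "").toLowerCase() !== "_blank") return false;
  const rel = (attrs.rel || "").toLowerCase().split(/\s+/);
  return !rel.includes("noopener") && !rel.includes("noreferrer"); // noreferrer implies noopener
}

// List the href of every exposed link, for a review report.
function findExposedLinks(html) {
  return (html.match(ANCHOR_TAG) || []).map(parseAttrs).filter(isOpenerExposed).map((a) => a.href || "");
}

// Rewrite only the exposed tags, keeping existing rel tokens and appending noopener.
function hardenLinks(html) {
  return html.replace(ANCHOR_TAG, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isOpenerExposed(attrs)) return tag;
    const rel = ((attrs.rel || "") + " noopener").trim();
    return tag.replace(REL_ATTR, "").replace(/\s*\/?>$/, ` rel="${rel}">`);
  });
}

// Constructed sample markup (example.test is a reserved test domain).
const SAMPLE_HTML = [
  '<a href="https://example.test/a" target="_blank">exposed</a>',
  '<a href="https://example.test/b" target="_blank" rel="noopener">safe</a>',
  "<a HREF='https://example.test/c' TARGET=_blank rel='nofollow'>exposed, has rel</a>",
  '<a href="https://example.test/d" target="_blank" rel="noreferrer">safe</a>',
  '<a href="/local">same tab</a>',
].join("\n");

console.log(findExposedLinks(SAMPLE_HTML), "\n" + hardenLinks(SAMPLE_HTML));
```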