Closed Bug 1759108 Opened 3 years ago Closed 3 years ago

Redirect to localhost with an iframe

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 99
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 354493

People

(Reporter: fire2master, Unassigned)

Details

Attachments

(1 file)

iframe_oracle_localhost.png
108.29 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

Steps to reproduce:

Open Firefox Developer 99.0b1
Go to https://www.oracle.com/cloud/azure-interconnect-faq.html

Actual results:

After few time my localhost:80 is displayed.

Inside the html of "https://www.oracle.com/cloud/azure-interconnect-faq.html" there is :
<iframe id="osvc_form" src="http://localhost/" onload="showIframe()" scrolling="auto" style="height:100%;"></iframe>

(Don't ask me why a developer add that in the html...)

Expected results:

In one hand, the iframe "src" redirect where it should be, in the other hand it's probably not a good idea to have such behavior in this use case.
If you do the same on Chrome or Edge, the redirect is not done and there is browser message to warn you. It's probably a better behavior.
I guess, it could lead to security risk.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: