Open
Bug 1773880
Opened 4 years ago
Updated 1 month ago
Form-action's blocking of redirects allows top-navigation XSLeak through securitypolicyviolation event
Categories
(Core :: DOM: Security, defect, P3)
Tracking
NEW
People
(Reporter: gertjan.franken, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: spec-needed, Whiteboard: [secdom:spec][domsecurity-backlog1])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Steps to reproduce:
This bug was reported for Chromium (issue 1259077) and is reproducible in Firefox 101.0.1.
By abusing the securitypolicyviolation event, an attacker is able to leverage form-action to check whether a victim is logged in to certain websites (the example in the Chromium issue covers Twitter).
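As an added example (not code from this bug, the Chromium issue, or any browser), a Fetch Metadata check for a hypothetical target site whose protected pages redirect logged-out users to /login: the leak described above observes exactly that login-dependent redirect, so the handler gives cross-site navigations one fixed answer in both login states. The path prefixes, header dictionaries and the `Decision` type are assumptions.

```python
"""Keep redirect behaviour independent of login state for cross-site navigations.

Hypothetical site: pages under /settings and /messages normally redirect a
logged-out user to /login. For a browser-reported cross-site navigation the
handler below returns the same response whether or not the user is logged in,
so a CSP form-action block (or any other redirect observer on the initiating
page) cannot tell the two states apart.
"""
from dataclasses import dataclass
from typing import Dict, Optional

PROTECTED_PREFIXES = ("/settings", "/messages")   # assumed protected paths


@dataclass(frozen=True)
class Decision:
    status: int
    location: Optional[str] = None   # set only for redirects
    reason: str = ""


def is_cross_site_navigation(headers: Dict[str, str]) -> bool:
    """True when the browser reports a navigation initiated by another site.
    Names are compared case-insensitively; if Sec-Fetch-Site is absent
    (older browsers, non-browser clients) the request is not treated as
    cross-site, so the uniform response only applies when the browser
    actually reports a cross-site navigation."""
    h = {k.lower(): v for k, v in headers.items()}
    return (h.get("sec-fetch-site") == "cross-site"
            and h.get("sec-fetch-mode") == "navigate")


def decide(path: str, headers: Dict[str, str], logged_in: bool) -> Decision:
    """Return the response the site would send for this request."""
    if not path.startswith(PROTECTED_PREFIXES):
        return Decision(200, reason="public page")
    if is_cross_site_navigation(headers):
        # Same status and no Location header in both login states.
        return Decision(200, reason="interstitial for cross-site navigation")
    if not logged_in:
        return Decision(302, "/login", "same-site, not logged in")
    return Decision(200, reason="same-site, logged in")


def leaks_login_state(path: str, headers: Dict[str, str]) -> bool:
    """True if the response for this request differs between login states."""
    return decide(path, headers, False) != decide(path, headers, True)
```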
Summary: Security: form-action's blocking of redirects allows top-navigation XSLeak through securitypolicyviolation event → Form-action's blocking of redirects allows top-navigation XSLeak through securitypolicyviolation event
Updated•4 years ago
Group: firefox-core-security → dom-core-security
Component: Untriaged → DOM: Security
Product: Firefox → Core
Updated•3 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [secdom:spec]
Comment 1•3 years ago
Unhiding because the chrome issue and the spec issue are both public.
Group: dom-core-security
Whiteboard: [secdom:spec] → [secdom:spec][domsecurity-backlog1]
Updated•1 year ago
|
Keywords: spec-needed