Closed Bug 1815375 Opened 3 years ago Closed 3 years ago

The website can know the URL you entered in the second tab if the two tabs are same-origin

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 109
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: duckhiem, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36

Steps to reproduce:

On macOS Ventura 13.1, open Firefox, clear all the caches, re-start Firefox.

Load the first URL:

https://mdn.github.io/dom-examples/web-storage/event.html

In this website, the URL line has no value.

Open the second tab, load the second URL:

https://mdn.github.io/dom-examples/web-storage

Go back to the first tab where https://mdn.github.io/dom-examples/web-storage/event.html is, the URL line shows https://mdn.github.io/dom-examples/web-storage.

Actual results:

The first tab can know the second tab is loaded when the second URL is a sub-page of the first URL.

Expected results:

I don't know, I just concern about this behavior.

Same-origin pages loaded in the browser can communicate with each other. This is just a given of how the web is architected, happens in all browsers, and is not a security issue. The same issue would not work if the second page was not also loaded from https://mdn.github.io, which is how security boundaries are enforced.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
Summary: The website can know the URL you entered in the second tab if the URL is a sub-page on the website → The website can know the URL you entered in the second tab if the two tabs are same-origin
You need to log in before you can comment on or make changes to this bug.