Closed
Bug 212298
Opened 22 years ago
Closed 19 years ago
Simple JS trick to close window without permission
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: zbraniecki, Assigned: bzbarsky)
References
()
Details
Attachments
(1 file)
|
368 bytes,
text/html
|
Details |
Once more. This script hacks out policy and close main window (opened by user)
without ay confirmation.
Since we're the only browser which fixed bug with overwriting opener=self, i
think that this one has to be fixed too.
|
Reporter | |
Comment 1•22 years ago
|
||
Agh. Summary=>URL
Summary: www.mxstudio.homeschool.pl/testy/close.html → Simple JS trick to close window without permission
|
||
Comment 2•22 years ago
|
||
JS Engine not the right component for this issue. Security? DOM?
Reassigning to Security as a guess; please reassign if incorrect.
Assignee: rogerl → security-bugs
Component: JavaScript Engine → Security: General
QA Contact: pschwartau → carosendahl
|
|
Assignee | |
Comment 3•22 years ago
|
||
"The requested URL /testy/close.html was not found on this server." when loading
http://www.mxstudio.homeschool.pl/testy/close.html
Please point to a useful testcase?
|
|
Reporter | |
Comment 4•22 years ago
|
||
Sorry Boris.
|
|
Assignee | |
Comment 5•22 years ago
|
||
cute... ccing some interested parties.
|
|
Reporter | |
Comment 6•22 years ago
|
||
isn't it?
As i remember there was a patch few months ago to make |opener| readonly. Strange?
|
|
Assignee | |
Comment 7•21 years ago
|
||
*** Bug 245402 has been marked as a duplicate of this bug. ***
|
||
Comment 8•20 years ago
|
||
(In reply to comment #6)
> As i remember there was a patch few months ago to make |opener| readonly. Strange?
The trick was window.open("",window.self.name) and next coding was sufficient.
w=window.self;w.name="foo";wx=window.open("","foo");
=> window.self.opener.name was set to myself("foo" when above coding).
In addition to this, seamonkey 2005120309-trunk/win-2K issued next error message on JavaScript Console when "wx.opener='foo';" was executed, even after above successuful opener change by window.open.
> Error: uncaught exception: [Exception... "Could not convert JavaScript
> argument arg 0 [nsIDOMWindowInternal.opener]" nsresult: "0x80570009
> (NS_ERROR_XPC_BAD_CONVERT_JS)" location: "JS frame ::
It seems to be an evidence that direct window.opener peoperty change by HTML is currently impossibile or inhibited.
Can HTML script of window.open("","foo") change opener of already opened/named window by other domain?
Or it is same domain case only?
|
|
||
Comment 9•20 years ago
|
||
Bug 214986 and Bug 266371 are dups of this?
|
|
Assignee | |
Updated•20 years ago
|
|
|
Assignee | |
Comment 10•19 years ago
|
||
*** Bug 214986 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Updated•19 years ago
|
Assignee: security-bugs → bzbarsky
|
|
Assignee | |
Comment 11•19 years ago
|
||
Fixed on trunk by patch for bug 266371
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9alpha
You need to log in
before you can comment on or make changes to this bug.
Description
•