Closed Bug 291838 Opened 20 years ago Closed 20 years ago

Navigating backwards can cause cross site scripting

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 291745

People

(Reporter: pvnick, Assigned: dveditz)

References

(
URL
)

Details

(Whiteboard: [sg:dupe 291745])

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) Build Identifier: http://download.mozilla.org/?product=firefox-1.0.3&os=win&lang=en-US When navigating away from a specially crafted javascript:[script] page, one can press "Back" to reexecute the javascript in the context of the new site. Reproducible: Always Steps to Reproduce: 1. http://greyhatsecurity.org/vulntests/more/cookies.htm 2. wait for the page to load 3. click the link 4. after google loads, press "Back" on the navigation toolbar 5. Javascript executed Actual Results: cross site scripting in the context of google Expected Results: javascript should not be saved in the history (this is a common security precaution, so it would not cause any 3rd party apps to break) internet explorer does not allow javascript:[script] pages to be saved in the history as this was an issue for that browser a while back
Am I missing something? Looks like a dupe to me. *** This bug has been marked as a duplicate of 291745 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 291745]
Group: security
You need to log in before you can comment on or make changes to this bug.