If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Alert in one tab while another tab loads can cause wrong URL to be displayed in address bar

RESOLVED WORKSFORME

Status

()

Firefox
Security
RESOLVED WORKSFORME
12 years ago
9 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

({testcase})

Trunk
PowerPC
Mac OS X
testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

12 years ago
Split from bug 339918.
(Reporter)

Comment 1

12 years ago
Created attachment 224031 [details]
two.html
(Reporter)

Comment 2

12 years ago
Created attachment 224033 [details]
one.html
(Reporter)

Comment 3

12 years ago
To reproduce, load one.html and click the button.  Soon you'll see two.html's URL displayed in the address bar even though one.html is the foreground tab.

I don't know kind of spoofing can be done (if any) using this bug when the two pages do not cooperate.

Tested with a Mac trunk Firefox nightly from 2006-05-25.

Comment 4

10 years ago
bug 339918 is fixed now. are the security risks in this one now sealed off?

pvnick or jesse. can you retest and get nominations on this bug if it is still a problem on trunk or 1.9?
(Reporter)

Comment 5

9 years ago
URL confusion WFM, Mac trunk debug.  I had to move my address bar to the left so the alert() sheet wouldn't cover it.

Cross-domain, this isn't allowed:

"Error: Permission denied for <https://bugzilla.mozilla.org> to get property Window.alert from <https://test1.bugzilla.mozilla.org>.
Source File: https://bugzilla.mozilla.org/attachment.cgi?id=224031
Line: 2"

When the pages are same-domain, they can cause each other to alert() anyway.
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.