Closed Bug 339928 Opened 19 years ago Closed 16 years ago

Alert in one tab while another tab loads can cause wrong URL to be displayed in address bar

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: testcase)

Attachments

(2 files)

two.html
44 bytes, text/html
Details
one.html
125 bytes, text/html
Details
Split from bug 339918.
Attached file two.html
Attached file one.html
To reproduce, load one.html and click the button. Soon you'll see two.html's URL displayed in the address bar even though one.html is the foreground tab. I don't know kind of spoofing can be done (if any) using this bug when the two pages do not cooperate. Tested with a Mac trunk Firefox nightly from 2006-05-25.
bug 339918 is fixed now. are the security risks in this one now sealed off? pvnick or jesse. can you retest and get nominations on this bug if it is still a problem on trunk or 1.9?
URL confusion WFM, Mac trunk debug. I had to move my address bar to the left so the alert() sheet wouldn't cover it. Cross-domain, this isn't allowed: "Error: Permission denied for <https://bugzilla.mozilla.org> to get property Window.alert from <https://test1.bugzilla.mozilla.org>. Source File: https://bugzilla.mozilla.org/attachment.cgi?id=224031 Line: 2" When the pages are same-domain, they can cause each other to alert() anyway.
Group: core-security
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: