Closed
Bug 356474
Opened 18 years ago
Closed 18 years ago
[FIX]Scam Site (w/ Frames) not redirecting
Categories: Core :: DOM: Core & HTML, defect, P1
Tracking: VERIFIED FIXED, mozilla1.9alpha1
People: Reporter: brian-helge, Assigned: bzbarsky
Details: Keywords: regression, verified1.8.0.9, verified1.8.1.1
Attachments (4 files):
74 bytes, text/html
197 bytes, text/html
1.66 KB, patch (jst: review+; jst: superreview+; dveditz: approval1.8.0.9+; dveditz: approval1.8.1.1+)
1.61 KB, patch
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

There are sites that try to scam our company (http://www.sandhills-publishings.com/). What they are doing is passing our site (http://www.sandhills.com/) in source of the frames. We are running asp.net and are checking URLs of scam sites. When we find one, we add it to our web.config file, then check the http reference against it. That way, if they are running our web site through a frame, our site will catch it and redirect theirs to our scam site.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.sandhills-publishings.com/ with v1.5.0.7
2. Go to http://www.sandhills-publishings.com/ with v1.0.7
3. Go to http://www.sandhills-publishings.com/ with IE (sorry guys, have to put this here to show the results)

Actual Results:
1. Stays at http://www.sandhills-publishings.com/
2. Redirects to http://www.sandhills.com/scam.aspx
3. Redirects to http://www.sandhills.com/scam.aspx

Expected Results:
v1.5.0.7 should redirect to http://www.sandhills.com/scam.aspx

You can contact me at this email for further information.
Comment 1•18 years ago

This bug is not security-sensitive - that is, it's not a security problem in the Firefox code. Marking it as such just means fewer people look at it.

Your frame-busting code:

<script language='javascript'>parent.window.location.href='http://www.sandhills.com/scam.aspx';</script>

is throwing a security error in my Firefox 2.0beta:

Error: uncaught exception: Permission denied to set property Window.window

Try putting it actually inside the <html> of your page (for example, in the <head>) rather than above the DOCTYPE.

Gerv
Group: security
Comment 2•18 years ago

Definitely a "regression", if possibly to a more-correct state. I doubt the <script> placement is the issue; that code didn't change in 1.5.0.7 and wouldn't have resulted in the error they're seeing. Could have been a crash fix like bug 323641 / bug 348990 perhaps. Maybe bug 343168.
Keywords: regression
Comment 3•18 years ago

OK, totally misleading regression range. 1.5.0.7 has nothing to do with it so ignore the previous bug links. This changed between Firefox 1.5 and 1.5.0.2 (don't have a copy of 1.5.0.1 at the moment). It also changed between FF1.0.7 and 1.0.8 which means the regressing bug fixes are in this set:

https://bugzilla.mozilla.org/buglist.cgi?keywords_type=anywords&keywords=fixed-aviary1.0.8%2Cverified-aviary1.0.8

This is due to bug 325297, specifically changing "allAccess" Window.window to Window.window.get. If you drop the ".get" from that one pref this starts working again.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4 (Assignee)•18 years ago

> Error: uncaught exception: Permission denied to set property Window.window

Er... where is this _set_ happening, exactly? I see no set in the code in comment 1.
Comment 5 (Assignee)•18 years ago
Comment 6 (Assignee)•18 years ago

This doesn't point to the subframe attachment because we need a different-origin setup to test. Once bugzilla supports that, we can repoint.
Comment 7 (Assignee)•18 years ago

This is a classinfo bug. Brian, changing your JavaScript to do:

parent.location.href='http://www.sandhills.com/scam.aspx';

(without the .window part) should fix things for you in the meantime.
Assignee: nobody → general
Blocks: 325297
Component: General → DOM
OS: Windows XP → All
Product: Firefox → Core
QA Contact: general → ian
Hardware: PC → All
Version: unspecified → Trunk
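The advice in comment 7, illustrated by an added example that is not part of the bug or of Mozilla's code: a small Node.js model of the cross-origin Window and Location access rules browsers enforce today (the Proxy objects and the `sink` record are constructed stand-ins, not browser APIs), together with a frame-busting routine that reaches `top.location` directly and only writes `href`.

```javascript
// Added example (not from the bug or Mozilla's code): a model of the cross-origin
// Window/Location access rules browsers enforce (HTML "CrossOriginProperties").
// Only the listed Window members are reachable; Location.href is write-only.
const CROSS_ORIGIN_WINDOW_PROPS = new Set([
  'window', 'self', 'location', 'close', 'closed', 'focus', 'blur',
  'frames', 'length', 'top', 'opener', 'parent', 'postMessage',
]);

function denied(kind, cls, prop) {
  return new TypeError(`Permission denied to ${kind} property ${cls}.${String(prop)}`);
}

// Constructed stand-in for the framing site's Location as seen from our page;
// `sink.navigatedTo` records the navigation a real browser would perform.
function makeCrossOriginLocation(sink) {
  return new Proxy({}, {
    get(_t, prop) {
      throw denied('get', 'Location', prop);          // href cannot be read cross-origin
    },
    set(_t, prop, value) {
      if (prop !== 'href') throw denied('set', 'Location', prop);
      sink.navigatedTo = value;                         // assigning href is permitted
      return true;
    },
  });
}

// Constructed stand-in for the framing site's Window as seen from our page.
function makeCrossOriginWindow(sink) {
  const loc = makeCrossOriginLocation(sink);
  const win = new Proxy({}, {
    get(_t, prop) {
      if (!CROSS_ORIGIN_WINDOW_PROPS.has(prop)) throw denied('get', 'Window', prop);
      if (prop === 'location') return loc;
      if (['window', 'self', 'top', 'parent', 'frames'].includes(prop)) return win;
      return undefined;                                 // other members are not modelled
    },
    set(_t, prop) { throw denied('set', 'Window', prop); },
  });
  return win;
}

// Frame-busting routine: `win` is our own (same-origin) window object.
// Returns true when a navigation of the top frame was requested.
function bustFrame(win, target) {
  if (win.top === win.self) return false;               // not framed, nothing to do
  win.top.location.href = target;                       // write-only access is allowed
  return true;
}
```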
Comment 8 (Assignee)•18 years ago

Comment on attachment 242126 [details]
Testcase (should redirect to Google).

Correct behavior for the testcase is to redirect to google.com.

Attachment #242126 - Attachment description: Testcase → Testcase (should redirect to Google).
Comment 9 (Assignee)•18 years ago

Assignee: general → bzbarsky
Status: NEW → ASSIGNED
Attachment #242129 - Flags: superreview?(jst)
Attachment #242129 - Flags: review?(jst)
Updated (Assignee)•18 years ago
Flags: blocking1.8.1.1?
Flags: blocking1.8.0.9?
Priority: -- → P1
Summary: Scam Site (w/ Frames) not redirecting → [FIX]Scam Site (w/ Frames) not redirecting
Target Milestone: --- → mozilla1.9alpha
Updated (Assignee)•18 years ago

Attachment #242129 - Flags: approval1.8.1.1?
Attachment #242129 - Flags: approval1.8.0.9?
Comment 10•18 years ago

Comment on attachment 242129 [details] [diff] [review] Fix

r+sr=jst

Attachment #242129 - Flags: superreview?(jst) → superreview+
Attachment #242129 - Flags: review?(jst) → review+
Comment 11 (Assignee)•18 years ago

Fixed on trunk. We really need to have tests making sure that the security policies set in all.js are actually effective (that is, that we allow access to the things that are allowed, and deny for the ones that are denied).
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Comment 12•18 years ago

We don't have the capability to run cross-hosted tests yet. I'll get that running soon.
Comment 13•18 years ago

Comment on attachment 242129 [details] [diff] [review] Fix

approved for 1.8/1.8.0 branches, a=dveditz for drivers

Attachment #242129 - Flags: approval1.8.1.1? → approval1.8.1.1+
Attachment #242129 - Flags: approval1.8.0.9? → approval1.8.0.9+
Updated•18 years ago

Flags: blocking1.8.1.1? → blocking1.8.1.1+
Flags: blocking1.8.0.9? → blocking1.8.0.9+
Comment 14 (Assignee)•18 years ago
Comment 17•18 years ago

Verified using testcase on comment #6 with:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9pre) Gecko/20061128 Firefox/1.5.0.9pre
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1pre) Gecko/20061128 BonEcho/2.0.0.1pre
Status: RESOLVED → VERIFIED
Updated•5 years ago
Component: DOM → DOM: Core & HTML