Closed
Bug 37907
Opened 24 years ago
Closed 24 years ago
opener.location allows tracking user's browsing
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M16
People
(Reporter: norrisboyd, Assigned: security-bugs)
Details
(Whiteboard: [nsbeta2+])
Attachments
(1 file)
340 bytes, text/html
Subject: BUG: opener.location allows tracking user's browsing
Date: Tue, 02 May 2000 15:58:47 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

opener.location allows tracking user's browsing

The code is:
-----------------------------------
<SCRIPT>
a=window.open("javascript:s='Location='+opener.location+ '<SCRIPT>setInterval(\"location.reload()\",2000)</'+'SCRIPT>' ");
</SCRIPT>
-----------------------------------
Reporter
Comment 1•24 years ago
Assignee
Comment 2•24 years ago
Need to double-check default security policy for opener.location, make sure sameOrigin check is happening. I can deal with this.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
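The same-origin check mentioned in comment 2, as an added illustration that is not part of the original bug thread and is not Mozilla's nsScriptSecurityManager code: a simplified JavaScript model in which a read of another window's location is checked at access time against that window's current document. `ModelWindow`, `readLocation`, `tryRead`, `simulate` and the host reporter.example are hypothetical, and the rule that a javascript: window runs with its opener's origin is a modelling assumption.

```javascript
// Simplified model of a same-origin check on cross-window reads of `location`.
// reporter.example is a constructed host; www.mozilla.org is a link from the test case.

class ModelWindow {
  constructor(url, opener = null) {
    this.opener = opener;
    this.url = url;
    const origin = new URL(url).origin; // "null" for javascript: and about:blank
    // Assumption: a javascript:/about:blank window runs with the origin its
    // opener had at the moment the window was created.
    this.origin = origin !== "null" ? origin : (opener ? opener.origin : null);
  }

  // A top-level navigation replaces the document, so the origin changes too.
  navigate(url) {
    this.url = url;
    const origin = new URL(url).origin;
    this.origin = origin !== "null" ? origin : null;
  }
}

// The check runs on every access and compares the caller against the
// target's current document, not the one it held when the caller was opened.
function readLocation(caller, target) {
  if (caller.origin === null || caller.origin !== target.origin) {
    throw new Error("permission denied: cross-origin read of location");
  }
  return target.url;
}

function tryRead(caller, target) {
  try {
    return { allowed: true, value: readLocation(caller, target) };
  } catch (e) {
    return { allowed: false, value: null };
  }
}

function simulate() {
  const main = new ModelWindow("http://reporter.example/test.html");
  const child = new ModelWindow("javascript:void(0)", main);
  const before = tryRead(child, main);       // same origin: read allowed
  main.navigate("http://www.mozilla.org/");  // the user follows a link
  const after = tryRead(child, main);        // child reloads and reads again
  return { before, after };
}

console.log(simulate());
```

With the check evaluated per access, the first read succeeds and the read after the opener has navigated is denied, which matches the verified behaviour of nothing showing in the opened window.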
Assignee
Comment 5•24 years ago
Hmm, tested this today on NT and Linux, and it doesn't work as described. The location is not showing up in the other window. I'm not sure if the security manager is preventing it, or if this is due to some other bug.
Comment 7•24 years ago
I tried both my code and his code. The Netscape browser can't write a string from one window to another, which I think is less flexible but more secure. IE can display the opener's location; even so, it is not that bad: the thing written into the other window is the first location of the first window. When the first window browses to another link, the location displayed in the other window is still the first location of the first window. You'll know what I am saying when running both test cases. I don't consider this a security bug; it is quite like bug 37905, but it is actually not happening that way.

<HTML>
<SCRIPT>
a=window.open("about:blank");
function go() {
  s="<html><body>location: "+a.opener.location+"</body></html>";
  a.document.write(s);
}
go();
</SCRIPT>
Browse and look at the other window to see what you are browsing
<BR>
<A HREF="http://www.mozilla.org">www.mozilla.org</A>
<BR>
<A HREF="http://www.yahoo.com">Yahoo</A>
</BR>
</HTML>
Assignee
Comment 8•24 years ago
Fix checked in...it was a bug in nsScriptSecurityManager.
Assignee
Comment 9•24 years ago
Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 10•24 years ago
The bug is fixed; nothing is showing in the opened window.
Status: RESOLVED → VERIFIED
Assignee
Comment 11•24 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Updated•19 years ago
Flags: testcase+
Updated•17 years ago
Flags: in-testsuite+ → in-testsuite?