opener.location allows tracking user's browsing

VERIFIED FIXED in M16

Status: VERIFIED FIXED
Product: Core
Component: Security
Priority: P3
Severity: normal
Opened: 18 years ago
Updated: 11 years ago
Reporter: Norris Boyd
Assignee: Mitchell Stoltz (not reading bugmail)
Version: Trunk
Platform: x86, Windows NT
Bug Flags: in-testsuite ?
Whiteboard: [nsbeta2+]
Attachments: 1

(Reporter)

Description

18 years ago
Subject: BUG: opener.location allows tracking user's browsing
Date: Tue, 02 May 2000 15:58:47 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

opener.location allows tracking user's browsing
The code is:
-----------------------------------
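<SCRIPT>
// Open a popup from a javascript: URL whose content is the opener's location,
// followed by a script that reloads the popup every 2 seconds.
a=window.open("javascript:s='Location='+opener.location+" +
"'<SCRIPT>setInterval(\"location.reload()\",2000)</'+'SCRIPT>'");
</SCRIPT>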
-----------------------------------
(Reporter)

Comment 1

18 years ago
Created attachment 8207 [details]
test case
(Assignee)

Comment 2

18 years ago
Need to double-check default security policy for opener.location, make sure
sameOrigin check is happening. I can deal with this.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
(Assignee)

Comment 3

18 years ago
Marking nsbeta2.
Keywords: nsbeta2

Comment 4

18 years ago
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]
(Assignee)

Comment 5

18 years ago
Hmm, tested this today on NT and Linux, and it doesn't work as described. The 
location is not showing up in the other window. I'm not sure if the security 
manager is preventing it, or if this is due to some other bug.

Comment 6

18 years ago
Changed QA contact to Cathy.
QA Contact: junruh → czhang

Comment 7

18 years ago
I tried both my code and his code. The Netscape browser can't write a string from
one window to another, which I think is less flexible but more secure. IE can
display the opener's location; even so, it is not that bad: the thing written into
the other window is the first location of the first window. When the first window
browses to another link, the location displayed in the other window is still the
first location of the first window; you'll know what I am saying when running
both test cases. I don't consider this a security bug. It is quite like
bug 37905, but it is actually not happening that way.

<HTML>
<BODY>
<SCRIPT>
// Open a blank window and write this (opener) window's location into it once.
a=window.open("about:blank");
function go() {
s="<html><body>location: "+a.opener.location+"</body></html>";
a.document.write(s);
}
go();
</SCRIPT>
Browse and look at the other window to see what you are browsing
<BR>
<A HREF="http://www.mozilla.org">www.mozilla.org</A>
<BR>
<A HREF="http://www.yahoo.com">Yahoo</A>
</BODY>
</HTML>
(Assignee)

Comment 8

18 years ago
Fix checked in...it was a bug in nsScriptSecurityManager.
(Assignee)

Comment 9

18 years ago
Marking FIXED.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 10

18 years ago
The bug is fixed; nothing is showing in the opened window.
Status: RESOLVED → VERIFIED
(Assignee)

Comment 11

17 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?

Updated

12 years ago
Flags: testcase+

Updated

11 years ago
Flags: in-testsuite+ → in-testsuite?
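
The report's popup re-reads opener.location on every reload, so it tracks browsing only if that read keeps succeeding after the opener navigates to another site. The following is an added example, not code from this bug or from Mozilla, that models the sameOrigin decision mentioned in Comment 2 over a constructed navigation sequence; the function names and URLs are hypothetical, and treating the popup as having the origin of the page that opened it is an assumption of the model.

```javascript
// Added illustration (not Mozilla code). All names and URLs are constructed.

// Origin = scheme + host + port; URL drops default ports (http:80, https:443).
// Non-http(s) or unparsable URLs get no origin and never match anything.
function originOf(urlString) {
  try {
    const u = new URL(urlString);
    return (u.protocol === "http:" || u.protocol === "https:") ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// Decision for one read of opener.location by the popup.
function readOpenerLocation(popupOrigin, openerCurrentUrl) {
  const target = originOf(openerCurrentUrl);
  const allowed = popupOrigin !== null && popupOrigin === target;
  return { allowed, value: allowed ? openerCurrentUrl : null };
}

// Model assumption: the popup runs with the origin of the page that opened it.
// Each entry is what one poll (one reload of the popup) would observe.
function simulate(openerStartUrl, navigations) {
  const popupOrigin = originOf(openerStartUrl);
  return [openerStartUrl, ...navigations].map((url) => ({
    url,
    ...readOpenerLocation(popupOrigin, url),
  }));
}

const polls = simulate("http://tracker.example/start.html", [
  "http://tracker.example:80/next.html", // same origin, explicit default port
  "http://www.mozilla.org/",             // user follows a link to another site
  "https://tracker.example/",            // same host, different scheme
]);
for (const p of polls) {
  console.log(p.allowed ? "read ok:" : "denied: ", p.allowed ? p.value : p.url);
}
```

With the check in place, the popup sees the opener's URL only while the opener stays on the opening page's origin; once the user follows a link elsewhere, each poll returns nothing.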