Closed
Bug 416574
Opened 16 years ago
Closed 16 years ago
Some URLs can hijack the Main Window when opened in a frameset
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 341604
People
(Reporter: chottan_mottan, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 FirePHP/0.0.5.26 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 FirePHP/0.0.5.26 I have three frames in a frameset, where if I open similar to following to URL, in a frame, it takes over complete window http://www.nytimes.com/2008/02/09/business/09data.html?_r=1&ref=business&oref=slogin http://classifieds.myspace.com/index.cfm?fuseaction=classifieds.viewAd&classifiedID=12310220&catID=2&subCatID=12 Sample code: test.html file <html> <frameset cols="25%,50%,25%"> <frame src="www.craigslist.org"> <frame src="http://www.nytimes.com/2008/02/09/business/09data.html?_r=1&ref=business&oref=slogin"> <frame src="frame_c.htm"> </frameset> </html> Reproducible: Always Steps to Reproduce: 1. Load test.html in a browser Actual Results: NY Times or Myspace Classifieds hijack/redirect the frame to take over complete Window Expected Results: We should be able to open different URLs in different frame This issue can potentially be used as a security hole so I am filing it with high severity.
Reporter | ||
Comment 1•16 years ago
|
||
This issue should get resolved by a fix for bug 341604. BTW, In case of NY times, they are using following frame busting mechanism if (window.self != window.top) { top.location.replace(window.location.href); }
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Depends on: framesandbox
Resolution: --- → DUPLICATE
Reporter | ||
Comment 2•16 years ago
|
||
CCing Ian https://bugzilla.mozilla.org/show_bug.cgi?id=341604#c5 Ian, Can you recommend something for this particular scenario?
Comment 3•16 years ago
|
||
This is not a security hole. It's just tough. If these sites don't want you framing them, then (as things currently stand), you can't. Gerv
You need to log in
before you can comment on or make changes to this bug.
Description
•