Closed
Bug 563804
Opened 14 years ago
Closed 14 years ago
Possible to detect protocol + domain of a different-origin window from same-origin exception message
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 549459
People
(Reporter: futurama, Unassigned)
Details
(Whiteboard: [sg:dupe 549459])
Attachments
(1 file)
823 bytes,
application/zip
|
Details |
User-Agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.5.24 Version/10.53 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) The exceptions thrown for setting certain properties of different_origin_window.location contain the protocol and domain of that window, which could be used to spy on the domains users visit as they browse the web. Reproducible: Always Steps to Reproduce: 1. Open the attached firefox_domain_spy.zip/test.html in Firefox 3.6 or above. 2. Click the button 3. Navigate the web in the main window. Actual Results: The popup window is able to detect the protocol and domain name of the pages the user navigated to. Expected Results: The popup window not to be able to detect that information.
Reporter | ||
Comment 1•14 years ago
|
||
Updated•14 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•14 years ago
|
Whiteboard: [sg:dupe 549459]
Updated•13 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•