User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:220.127.116.11) Gecko/20100701 Firefox/3.6.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:18.104.22.168) Gecko/20100701 Firefox/3.6.7 When you are on an web-adress and load a 2nd adresse that contains location.reload() on the <body> , they change the document.location and steal the content of previous web page Example : <html> <body onload="location.reload();"> </body> </html> Reproducible: Sometimes Steps to Reproduce: 1.enter a first address 2.enter a second address with location.reload on the body Actual Results: the location bar is spoofed Vulnerability found by Jordi Chancel & 599eme Man
I'm not sure I follow. location.reload on a page will .... reload that page. What's the issue?
Can you give more precise steps to reproduce, and describe the incorrect result we should be looking for? I didn't see anything obviously wrong when I clicked the link in the testcase.
I think we all agree we don't see anything wrong with your testcase.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.