Possible Location bar Spoofing using location.reload on the <body>

RESOLVED WORKSFORME

Status

Core
General
RESOLVED WORKSFORME
8 years ago
2 years ago

People

(Reporter: Jordi Chancel, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:needinfo])

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.7) Gecko/20100701 Firefox/3.6.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.7) Gecko/20100701 Firefox/3.6.7

When you are on a web address and load a 2nd address that contains location.reload() on the <body>,
they change the document.location and steal the content of the previous web page.

Example:
<html>  
<body onload="location.reload();">
</body>
</html>

Reproducible: Sometimes

Steps to Reproduce:
1. Enter a first address
2. Enter a second address with location.reload on the body

Actual Results:
The location bar is spoofed


Vulnerability found by Jordi Chancel & 599eme Man

Comment 1

I'm not sure I follow. location.reload on a page will .... reload that page. What's the issue?

(Reporter)

Comment 2

8 years ago
Created attachment 456559
TESTCASE1

TestCase 1

Comment 3

8 years ago
Can you give more precise steps to reproduce, and describe the incorrect result we should be looking for? I didn't see anything obviously wrong when I clicked the link in the testcase.

Updated

8 years ago
Whiteboard: [sg:needinfo]

I think we all agree we don't see anything wrong with your testcase.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME

Updated

3 years ago
Group: core-security → core-security-release
Group: core-security-release