Closed
Bug 676975
Opened 13 years ago
Closed 7 years ago
onbeforeunload security issue
Categories
(Core :: DOM: Events, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: zigmatn, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-low, Whiteboard: [sg:low spoof])
Attachments
(1 file)
9.88 KB,
application/zip
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Steps to reproduce:
The issue discussed is more unwanted then a security issue , through a pre-made sceanrio , a hacker can use it to achieve a malicious activity.
Since the URL Address Bar doesnt get flushed after triggering an onbeforeunload event , neither forced to indicate the real URL address , a hacker can ( in a way ) convince the user to navigate to a trusted domain and display hacker-controlled content on behalf of the trusted domain through a combinaison of an iframe and triggering the onbeforeunload event.
AMOR Mohamed Amine
Actual results:
Malicious contents get displayed on behalf of the trusted domain.
Expected results:
URL Address Bar gets flushed after triggering the onbeforeunload event.
Reporter | ||
Comment 1•13 years ago
|
||
Updated•13 years ago
|
Attachment #551187 -
Attachment mime type: application/octet-stream → application/zip
Updated•13 years ago
|
Group: core-security
Updated•13 years ago
|
Whiteboard: [sg:low spoof]
Updated•13 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•7 years ago
|
||
I am no longer able to reproduce this bug. Here are the steps I followed:
1. Serve the test page locally and browse to it.
2. Click on the page.
3. Press the back button (or close the tab).
The URL bar shows the URL of the test page at all times.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•