Bug 937249: Bypassing Origin Policy with Adobe Flash
Status: RESOLVED INVALID
Opened 11 years ago, closed 11 years ago
Categories: Firefox :: Untriaged, defect
People: Reporter: dhavalchauhan171994, Unassigned
User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.04 Chromium/11.0.696.65 Chrome/11.0.696.65 Safari/534.24

Steps to reproduce:

1. Check this link: http://dracuno.shuthub.com/domain_bypass.swf?clickTAG=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg==

   This opens up a New Tab but inherits same origin policy

2. Check this link: http://dracuno.shuthub.com/302.php

   Source:

    <?php
    header("Location: data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg==");
    exit;
    ?>

   And a new Tab is opened with NULL origin

So, Adobe Flash is used to Bypass Origin Policy in Firefox

Comment 1•11 years ago
I don't think this is a bug. window.open("data:...") inherits the principal/permissions by design. We don't inherit principals for redirects because there's no obvious principal to inherit.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Reporter
Comment 2•11 years ago

Basically what I am saying is:

    <html>
    <script>
    window.open("data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg==");
    </script>
    <body>
    </body>
    </html>

Opens up a new window but it doesn't contain a document.domain data
But that flash file redirect inherits the document.domain
Reporter
Comment 3•11 years ago

(In reply to Benjamin Smedberg [:bsmedberg] from comment #1)
> I don't think this is a bug. window.open("data:...") inherits the
> principal/permissions by design. We don't inherit principals for redirects
> because there's no obvious principal to inherit.

Basically what I am saying is:

    <html>
    <script>
    window.open("data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg==");
    </script>
    <body>
    </body>
    </html>

Opens up a new window but it doesn't contain a document.domain data
But that flash file redirect inherits the document.domain
Comment 4•11 years ago
Why are you saying that? I just tried it, and it does contain the document.domain and inherit permissions.
Reporter
Comment 5•11 years ago

(In reply to Benjamin Smedberg [:bsmedberg] from comment #4)
> Why are you saying that? I just tried it, and it does contain the
> document.domain and inherit permissions.

That's weird
Check this: http://youtu.be/ucA3-CWIo7c
Reporter
Comment 6•11 years ago

(In reply to Dhaval Chauhan from comment #5)
> (In reply to Benjamin Smedberg [:bsmedberg] from comment #4)
> > Why are you saying that? I just tried it, and it does contain the
> > document.domain and inherit permissions.

Sorry, I messed up
It does contain the document.domain
Thanks for the help though
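
Both links in the report hand the browser the same base64 `data:text/html` URL, once through a `clickTAG` parameter and once through a `Location` header. The following Node.js code is an added example, not part of the bug report or of Firefox: it decodes such a target and classifies it before anything follows it. The function names, the `ACTIVE_TYPES` list, the verdict strings and the `ads.example` host are assumptions made for illustration.

```javascript
// Added example (not from the bug report): triage a URL taken from a
// clickTAG parameter or a Location header before a page or proxy follows it.
const ACTIVE_TYPES = new Set(["text/html", "application/xhtml+xml", "image/svg+xml"]);

// Split a data: URL (RFC 2397) into media type, base64 flag and decoded body.
function parseDataUrl(url) {
  const m = /^data:([^,]*),(.*)$/is.exec(url.trim());
  if (!m) return null;
  const params = m[1].split(";").map((p) => p.trim().toLowerCase());
  const isBase64 = params.length > 1 && params[params.length - 1] === "base64";
  const mediaType = params[0] || "text/plain"; // RFC 2397 default
  let raw;
  try {
    raw = decodeURIComponent(m[2]);
  } catch {
    raw = m[2]; // malformed percent-encoding: keep the raw text for the analyst
  }
  const body = isBase64 ? Buffer.from(raw, "base64").toString("utf8") : raw;
  return { mediaType, isBase64, body };
}

// Classify a navigation target. Only absolute http(s) URLs are allowed;
// data: URLs are decoded so the reviewer sees what would have been rendered.
function triageTarget(target) {
  const scheme = (/^\s*([a-z][a-z0-9+.-]*):/i.exec(target) || [])[1]?.toLowerCase() ?? "";
  if (scheme === "http" || scheme === "https") return { scheme, verdict: "allow" };
  if (scheme === "data") {
    const parsed = parseDataUrl(target);
    const active = parsed !== null && ACTIVE_TYPES.has(parsed.mediaType);
    return { scheme, verdict: active ? "block-active-content" : "block", ...parsed };
  }
  return { scheme, verdict: "block" };
}

// Pull the clickTAG value out of an SWF URL shaped like the one in the report.
function clickTagOf(swfUrl) {
  return new URL(swfUrl).searchParams.get("clickTAG");
}

// The data: URL is the one quoted in the report; the host is a constructed placeholder.
const REPORTED = "data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg==";
const SAMPLE_SWF = "http://ads.example/banner.swf?clickTAG=" + REPORTED;

console.log(triageTarget(clickTagOf(SAMPLE_SWF)));
console.log(triageTarget("https://www.example.org/landing"));
```

The decoded body shows the payload is only `alert(document.domain)`, which is how the reporter and the reviewer compared which origin each navigation path ended up with.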