Closed
Bug 37907
Opened 25 years ago
Closed 25 years ago
opener.location allows tracking user's browsing
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M16
People
(Reporter: norrisboyd, Assigned: security-bugs)
Details
(Whiteboard: [nsbeta2+])
Attachments
(1 file)
(deleted),
text/html
Subject: BUG: opener.location allows tracking user's browsing
Date: Tue, 02 May 2000 15:58:47 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>
opener.location allows tracking user's browsing
The code is:
-----------------------------------
<SCRIPT>
a=window.open("javascript:s='Location='+opener.location+
'<SCRIPT>setInterval(\"location.reload()\",2000)</'+'SCRIPT>'
");
</SCRIPT>
-----------------------------------
Reporter
Comment 1•25 years ago
Assignee
Comment 2•25 years ago
Need to double-check default security policy for opener.location, make sure
sameOrigin check is happening. I can deal with this.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
Assignee
Comment 5•25 years ago
Hmm, tested this today on NT and Linux, and it doesn't work as described. The
location is not showing up in the other window. I'm not sure if the security
manager is preventing it, or if this is due to some other bug.
Comment 7•25 years ago
I tried both my code and his code. The Netscape browser can't write a string from
one window to another, which I think is less flexible but more secure. IE can
display the opener's location; even so, it is not that bad: the thing written into
the other window is the first location of the first window. When the first window
browses another link, the location displayed in the other window is still the
first location of the first window. You'll know what I am saying when running
both test cases. I don't consider this a security bug; it is quite like
bug 37905, but it is actually not happening that way.
<HTML>
<SCRIPT>
a=window.open("about:blank");
function go() {
s="<html><body>location: "+a.opener.location+"</body></html>";
a.document.write(s);
}
go();
</SCRIPT>
Browse and look at the other window to see what you are browsing
<BR>
<A HREF="http://www.mozilla.org">www.mozilla.org</A>
<BR>
<A HREF="http://www.yahoo.com">Yahoo</A>
<BR>
</HTML>
Assignee
Comment 8•25 years ago
Fix checked in...it was a bug in nsScriptSecurityManager.
Assignee
Comment 9•25 years ago
Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 10•25 years ago
The bug is fixed; nothing is showing in the opened window.
Status: RESOLVED → VERIFIED
Assignee
Comment 11•24 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Updated•19 years ago
Flags: testcase+
Updated•18 years ago
Flags: in-testsuite+ → in-testsuite?
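The sameOrigin check mentioned in Comment 2, sketched as an added example (not part of the bug thread and not code from nsScriptSecurityManager): a toy model in which the check is made on every read of another window's location, so a helper window loses access once its opener navigates to a different origin. All names and URLs are constructed, and the origin-inheritance rule for javascript: windows is an assumption of the model.

```javascript
// Added illustration (not Mozilla code): a toy model of a same-origin check
// applied every time a script reads another window's location.
// ModelWindow, originOf, sameOrigin, readLocation, scenario: hypothetical names.

// Origin = scheme + host + port. Opaque origins ("null") never match anything.
function originOf(url) {
  const o = new URL(url).origin;
  return o === "null" ? null : o;
}

function sameOrigin(a, b) {
  return a !== null && b !== null && a === b;
}

class ModelWindow {
  constructor(url, opener = null) {
    this.url = url;
    this.opener = opener;
    // Assumption of this model: a window opened with a javascript: or
    // about:blank URL runs with the origin of the page that opened it.
    const own = originOf(url);
    this.scriptOrigin = own !== null ? own : (opener ? opener.scriptOrigin : null);
  }
  navigate(url) { // the user follows a link in this window
    this.url = url;
    this.scriptOrigin = originOf(url);
  }
}

// The check runs at access time, against the target's current origin,
// not the origin it had when the helper window was opened.
function readLocation(caller, target) {
  if (!sameOrigin(caller.scriptOrigin, target.scriptOrigin)) {
    throw new Error("SecurityError: cross-origin read of location denied");
  }
  return target.url;
}

// Constructed scenario mirroring the report: a helper window re-reads
// opener.location after the user has browsed to another site.
function scenario() {
  const page = new ModelWindow("http://site-a.example/start.html");
  const helper = new ModelWindow("javascript:void 0", page);
  const results = [readLocation(helper, page)]; // same origin: allowed
  page.navigate("http://www.mozilla.org/");
  try { results.push(readLocation(helper, page)); }
  catch (e) { results.push(e.message); }
  return results;
}
```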