Closed Bug 37907 Opened 25 years ago Closed 25 years ago

opener.location allows tracking user's browsing

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: security-bugs)

Details

(Whiteboard: [nsbeta2+])

Attachments

(1 file)

Subject: BUG: opener.location allows tracking user's browsing
Date: Tue, 02 May 2000 15:58:47 +0300
From: Georgi Guninski <joro@nat.bg>
To: Norris Boyd <norris@netscape.com>

opener.location allows tracking user's browsing
The code is:
-----------------------------------
<SCRIPT>
a=window.open("javascript:s='Location='+opener.location+ '<SCRIPT>setInterval(\"location.reload()\",2000)</'+'SCRIPT>' ");
</SCRIPT>
-----------------------------------
Attached file test case (deleted)
Need to double-check default security policy for opener.location, make sure sameOrigin check is happening. I can deal with this.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
Marking nsbeta2.
Keywords: nsbeta2
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]
Hmm, tested this today on NT and Linux, and it doesn't work as described. The location is not showing up in the other window. I'm not sure if the security manager is preventing it, or if this is due to some other bug.
Changed QA contact to Cathy.
QA Contact: junruh → czhang
I tried both my code and his code. The Netscape browser can't write a string from one window to another, which I think is less flexible but more secure. IE can display the opener's location; even so, it is not that bad. The thing written into the other window is the first location of the first window; when the first window browses to another link, the location displayed in the other window is still the first location of the first window. You'll know what I am saying when running both test cases. I don't consider this a security bug. It is quite like bug 37905, but it is actually not happening that way.

<HTML>
<SCRIPT>
a=window.open("about:blank");
function go()
{
s="<html><body>location: "+a.opener.location+"</body></html>";
a.document.write(s);
}
go();
</SCRIPT>
Browse and look at the other window to see what you are browsing
<BR>
<A HREF="http://www.mozilla.org">www.mozilla.org</A>
<BR>
<A HREF="http://www.yahoo.com">Yahoo</A>
</BR>
</HTML>
Fix checked in...it was a bug in nsScriptSecurityManager.
Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
The bug is fixed; nothing is showing in the opened window.
Status: RESOLVED → VERIFIED
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?
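
The sameOrigin check on opener.location discussed in this bug, sketched as an added example that is not part of the original report and is not Mozilla's nsScriptSecurityManager code: the opened window inherits its opener's origin, and each read of opener.location is checked against the document the opener currently shows. ModelWindow, originOf, sameOrigin and readOpenerLocation are hypothetical names, and the page-a.example / page-b.example URLs are constructed sample values.

```javascript
// Toy model of a same-origin check on opener.location (added example, not Mozilla's code).
// ModelWindow, originOf, sameOrigin and readOpenerLocation are hypothetical names.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Origin is scheme + host + port; URLs without their own origin return null.
function originOf(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null; // javascript:, about:, ...
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
}

class ModelWindow {
  constructor(url, opener = null) {
    this.opener = opener;
    this.location = url;
    // A javascript: or about:blank window inherits the origin of its opener.
    this.origin = originOf(url) ?? (opener ? opener.origin : null);
  }
  navigate(url) {
    this.location = url;
    this.origin = originOf(url) ?? this.origin;
  }
}

function sameOrigin(a, b) {
  return a.origin !== null && a.origin === b.origin;
}

// The check is made at access time, against the opener's current document.
function readOpenerLocation(child) {
  if (!child.opener || !sameOrigin(child, child.opener)) {
    throw new Error("Permission denied: cross-origin read of opener.location");
  }
  return child.opener.location;
}

// Constructed sample: page A opens a script-generated window, then the user browses on.
const first = new ModelWindow("http://page-a.example/index.html");
const popup = new ModelWindow("javascript:void 0", first);
console.log(readOpenerLocation(popup)); // allowed: same origin at open time
first.navigate("http://page-b.example/inbox");
try {
  readOpenerLocation(popup);
} catch (e) {
  console.log(e.message); // denied: opener now shows another origin
}
```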