Closed
Bug 130394
Opened 23 years ago
Closed 22 years ago
Location bar spoofing using document.write
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.2
People
(Reporter: security-bugs, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
(Whiteboard: [sg:openended])
This is pretty serious. Open a window to a secure site (like a bank), then document.write some content into that window. The content is replaced, but the URL bar, lock icon, and certificate information remain. We may need to return to a wysiwyg: URL scheme for document.open'ed pages. At the very least, we need to clear the SSL status when we document.open.
Comment 2•23 years ago (Reporter)
My bad...wysiwyg URLs have already been implemented, and the URL bar now shows the URL of the page containing the script that did the document.open. This is correct. However, we still need to re-evaluate the SSL UI status when document.open() is called. Reassigning to PSM and CC'ing some key people.
Component: Security: General → Client Library
Product: Browser → PSM
Target Milestone: mozilla1.0 → ---
Version: other → 2.2
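The state described in the report and in comment 2, as an added example that is not part of the bug thread or Mozilla's code: a toy model that checks whether the URL bar, lock icon and certificate still describe the displayed content after document.write. The class, field and policy names and the example URLs are constructed; the three policies are nothing reset (the original report), URL bar only (the state in comment 2), and URL bar plus SSL status (the behaviour comment 2 asks for).

```javascript
// Toy model, constructed for illustration; all names are hypothetical and
// not Mozilla internals. policy: "none" | "url-only" | "url-and-ssl".
class ModelWindow {
  constructor(policy) {
    this.policy = policy;
    this.urlBar = "about:blank";
    this.lock = false;
    this.cert = null;
    this.contentOrigin = null; // URL of whoever produced the displayed content
  }
  // Network load: chrome and content come from the same response.
  load(url, cert = null) {
    this.urlBar = url;
    this.cert = url.startsWith("https://") ? cert : null;
    this.lock = this.cert !== null;
    this.contentOrigin = url;
  }
  // document.open()/write() issued by a script that lives at callerUrl.
  documentWrite(callerUrl, callerCert = null) {
    this.contentOrigin = callerUrl;
    if (this.policy !== "none") this.urlBar = callerUrl;
    if (this.policy === "url-and-ssl") {
      this.cert = callerUrl.startsWith("https://") ? callerCert : null;
      this.lock = this.cert !== null;
    }
  }
}

// Invariant: every security indicator must describe the displayed content.
function chromeViolations(w) {
  const v = [];
  if (w.urlBar !== w.contentOrigin) v.push("url-bar");
  if (w.lock && !w.contentOrigin.startsWith("https://")) v.push("lock-icon");
  if (w.cert && !w.contentOrigin.startsWith(`https://${w.cert.host}/`)) v.push("certificate");
  return v;
}

// Constructed scenario: secure page overwritten by a script from another page.
function runScenario(policy) {
  const w = new ModelWindow(policy);
  w.load("https://bank.example/login", { host: "bank.example" });
  w.documentWrite("http://opener.example/page.html");
  return chromeViolations(w);
}

for (const p of ["none", "url-only", "url-and-ssl"]) {
  console.log(p, "->", runScenario(p));
}
```

A check like `chromeViolations` can serve as a regression assertion: any navigation or script-driven rewrite that leaves it non-empty means the chrome is vouching for content it did not load.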
Comment 3•23 years ago (Reporter)
Over to stephane
Assignee: mstoltz → ssaux
Status: ASSIGNED → NEW
QA Contact: bsharma → junruh
Updated•23 years ago
Comment 8•23 years ago (Assignee)
The suggested patch in bug 130949 seems to fix this bug. Testing required.
Comment 11•23 years ago (Assignee)
This should be fixed by the patch checked in with bug 130949.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 13•23 years ago (Assignee)
We should either reopen this bug or open a new one. Because I did a lot of work on the lock icon behaviour recently, I thought it makes sense to try this testcase again. I now see a strange new behaviour, that is similar to the originally reported problem. The problem appears only the first time you try it during a session.
Go to: http://warp.mcom.com/u/mstoltz/bugs/spoof.html
Actual behaviour:
- the page loads
- the new window opens
- a crypto warning is shown
- the "bank of america" page loads and is displayed
- the URL location bar displays the "bank of america" URL.
BUT
The displayed content is a mixture of the "bank of america" content and in addition, the JavaScript output
Would you believe this is BofA?
is shown on top of the page!
I can always reproduce this on Linux, but only when trying the first time after starting the browser. This might be related to timing. If you don't see it immediately, try it again.
Comment 14•22 years ago
Reopening bug per comment 13 -- this doesn't sound fixed in 1.0
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
This sounds very serious. Can anyone reproduce it? Too bad the test page is behind the firewall.
Comment 16•22 years ago
I cannot reproduce this. After the windows are opened, BofA does not appear in the URL bar.
Comment 17•22 years ago
I haven't tried to reproduce this specifically, but I fixed a urlbar spoofing bug for document.write() pages last week.
Comment 18•22 years ago (Assignee)
Maybe I did confuse you, please re-read comment 13. The original problem, spoofing in the URL bar, seems fixed. The new problem is NOT in the URL bar, it is in the "Content area" of the displayed page. See comment 13 for the description. I haven't tried since a while. If you can not reproduce the problem, I'll try again using a recent version.
Comment 19•22 years ago
WFM. A new window does not even open with the 9/27 Win2000 trunk build.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → WORKSFORME
Comment 21•22 years ago (Assignee)
Reopening. The fact that "window open" does temporarily not work, does not mean this bug is fixed. (I suspect you either are currently blocking popup ads or there is a regression somewhere else in JavaScript code.)
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
Whiteboard: [sg:openended]
Comment 22•22 years ago (Assignee)
Ok, I'm convinced, I'm marking it back to fixed. I tried to reproduce my new problem, but I no longer can.
Status: REOPENED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → FIXED
Updated•8 years ago
Product: Core → Core Graveyard