Vulnerability Development mailing list archives
Netscape cross domain security hole
From: Avi Mozes <amozes () hotmail com>
Date: 10 Jan 2002 21:59:50 -0000
I found out that Netscape doesn't have security when it comes to accessing sites from domain to domain. This seems to work in 4.7x -- I have not tried it out yet in Netscape 6.

What this hole allows you to do is run any Javascript (and VBScript) functions on any site as well as change values of global variables. This allows you to run functions that you shouldn't run or set variables to values that could damage or allow you to access information.

The way it's done: have a page open (with a simple window.open command using a window handle) any site.

To run a function, run on the parent page: winhandle.function(param);

To change any variable: winhandle.var = value;

One exploit is with cookies where you are able to get and set cookies if the site has cookie functions. This will make it able for you to set cookies from that domain. If a site relies on Javascript or cookies for some point of their security system, this could be even more damaging. And lastly, it can grab user information if a user uses a page with this exploit and continues to another domain opened by the page.

Let me know your ideas on this.

Avi
amozes () hotmail com
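The control that is meant to stop the winhandle.function(param) and winhandle.var = value accesses described in the message above is the same-origin check. The following is an added example, not part of the original post and not browser source code: a simplified model of that gate (real browsers exempt a few window properties such as postMessage). The names guardHandle, sameOrigin, makeWindow, attempt and the example.test URLs are hypothetical.

```javascript
// Added illustration: a model of the same-origin gate, not browser source code.
// All function names and the example.test URLs are hypothetical/constructed.

// An origin is (scheme, host, port); URL.origin normalizes default ports.
function sameOrigin(a, b) {
  const ua = new URL(a), ub = new URL(b);
  // Opaque origins (e.g. data:) serialize to "null" and never match anything.
  if (ua.origin === "null" || ub.origin === "null") return false;
  return ua.origin === ub.origin;
}

// Wrap the object a window.open-style call returns so that every property
// read, write or function lookup is checked against the caller's origin.
function guardHandle(callerUrl, targetWin) {
  const check = (op, prop) => {
    if (!sameOrigin(callerUrl, targetWin.location)) {
      throw new Error(`blocked cross-origin ${op} of "${String(prop)}"`);
    }
  };
  return new Proxy(targetWin, {
    get(t, prop) {
      check("read", prop);
      const v = t[prop];
      return typeof v === "function" ? v.bind(t) : v;
    },
    set(t, prop, value) {
      check("write", prop);
      t[prop] = value;
      return true;
    },
  });
}

// Constructed sample page: one global variable and one cookie helper.
function makeWindow(url) {
  return {
    location: url,
    isAdmin: false,
    cookies: {},
    setCookie(k, v) { this.cookies[k] = v; return true; },
  };
}

// Returns "allowed", or the reason the gate refused the access.
function attempt(fn) {
  try { fn(); return "allowed"; } catch (e) { return e.message; }
}
```
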