Bugtraq mailing list archives
seamless bait-and-switch
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 8 Dec 2011 01:30:09 -0800
Hello world,

Another whimsical browser proof-of-concept:

http://lcamtuf.coredump.cx/switch/

It seems that relatively few people realize that holding a JavaScript handle to another window (either because we opened it, or because the window was at some point displaying our content) allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls.

With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.

/mz

PS. Obligatory plug: http://lcamtuf.coredump.cx/tangled/
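Added example, not part of the original post: a site can stop a cross-origin opener from keeping a usable handle to its window by sending a Cross-Origin-Opener-Policy (COOP) response header, a browser mechanism that postdates this message. The check below flags responses that leave the handle intact; the function names and the example.test responses are constructed for illustration.

```javascript
// COOP values that move the document into a fresh browsing context group when
// a cross-origin document navigates a window to it, so the opener's handle
// no longer reaches the page.
const SEVERING = new Set([
  'same-origin', 'same-origin-allow-popups', 'noopener-allow-popups',
]);

// Effective COOP value for one response. Anything the browser would not
// accept falls back to "unsafe-none", the default that keeps the handle alive.
function effectiveCoop(url, headers) {
  // Browsers ignore COOP outside secure contexts. Assumption: only https:
  // counts as secure here (localhost is not special-cased).
  if (new URL(url).protocol !== 'https:') return 'unsafe-none';
  const raw = headers['cross-origin-opener-policy'];
  if (typeof raw !== 'string') return 'unsafe-none';
  // A repeated header arrives comma-joined and is not a single valid item.
  // Conservative: any comma is treated as invalid and reported for review.
  if (raw.includes(',')) return 'unsafe-none';
  // Drop parameters such as report-to; the token itself is case-sensitive.
  const token = raw.split(';')[0].trim();
  return SEVERING.has(token) ? token : 'unsafe-none';
}

// URLs whose window stays reachable through a cross-origin opener's handle.
function audit(responses) {
  return responses
    .filter((r) => effectiveCoop(r.url, r.headers) === 'unsafe-none')
    .map((r) => r.url);
}

// Constructed sample responses (header names lower-cased, as Node delivers them).
const SAMPLE = [
  { url: 'https://a.example.test/', headers: { 'cross-origin-opener-policy': 'same-origin' } },
  { url: 'https://b.example.test/', headers: {} },
  { url: 'http://c.example.test/', headers: { 'cross-origin-opener-policy': 'same-origin' } },
  { url: 'https://d.example.test/', headers: { 'cross-origin-opener-policy': 'same-origin; report-to="coop"' } },
  { url: 'https://e.example.test/', headers: { 'cross-origin-opener-policy': 'Same-Origin' } },
  { url: 'https://f.example.test/', headers: { 'cross-origin-opener-policy': 'same-origin, same-origin' } },
];

console.log(audit(SAMPLE));
```

Pages the audit lists should be reviewed for a missing, mistyped or duplicated header, or for being served over plain HTTP.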