Cross Domain Data Access via JavaScript: window.open
The Analysis

In 2008, we prepared a quick short demo about "Cross-Domain Autocomplete Data Access" or "How Bad Guys Steal your Login Info Smartly". Let's learn about another not-so-old cross-domain vulnerability in Firefox 4 - Firefox 11 discovered by Jordi Chancel, Eddy Bordi, and Chris McGowen. The bug relied on Firefox's processing of the JavaScript "window.open()" API.

The proof-of-concept exploit comprised two components: (1) a client-side page that does a redirection trick with the JavaScript APIs history.back() and history.forward(), and (2) a server-side page that does a redirection trick with the JavaScript API history.forward() and a server-side timing redirection to an ARBITRARY web site.

Brandon then explained the root cause in a simple way in the Bugzilla post:

When using window.open and some APIs to navigate the opened document, it is possible to navigate the opened document to a different