Exploit using target="_blank"

Discussion of general topics about Seamonkey
Post Reply
Anonymosity
Posts: 8779
Joined: May 7th, 2007, 12:07 pm

Exploit using target="_blank"

Post by Anonymosity »

There is a target="_blank" exploit demonstrated at this page: https://mathiasbynens.github.io/rel-noopener/
Does the same exploit work with target="_new"? Is there anything fundamentally different about how that code works, compared to target="_blank"?
User avatar
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: Exploit using target="_blank"

Post by therube »

(Not having any clue... dealing with an undated web page [don't you love that, but appears to be 10-25-2018 - at the latest]...)

Exploit is (relatively ~2017) old.
Presumably fixed in FF 52, so likewise presumably that fix flowed through to SeaMonkey.
Mozilla not be total ignoramuses would have taken associated items, like _new into account when fixing the issue.

(And I could be totally wrong :-).)


SeaMonkey 2.49, 2.53, PM 28.5, FF 52 all look to give the same results.
Quantum gives different results giving "The previous tab is safe and intact. window.opener was null; mischief not managed!" for all tabs (vs. only some for the others).
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Anonymosity
Posts: 8779
Joined: May 7th, 2007, 12:07 pm

Re: Exploit using target="_blank"

Post by Anonymosity »

That exploit worked on all my browsers without some installed script to defeat it. Maybe I should just modify that script to include target="_new".
User avatar
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: Exploit using target="_blank"

Post by therube »

That's the thing. Not really sure just what I'm supposed to be seeing.
And very possible that over time, allowed behavior changed (& so the difference between FF 52 & Quantum).
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Anonymosity
Posts: 8779
Joined: May 7th, 2007, 12:07 pm

Re: Exploit using target="_blank"

Post by Anonymosity »

I have 5 different browsers with 5 different rendering engines. With no script protection against that exploit, all were susceptible to the exploit. The oldest is Safari, last updated in 2018, but the others are much more recent.
Anonymosity
Posts: 8779
Joined: May 7th, 2007, 12:07 pm

Re: Exploit using target="_blank"

Post by Anonymosity »

I just found out that browsers were setup to recognize rel="noopener" something like 2 years ago. That does not help if a web page is not using that code.
Post Reply