1.0 KiB
1.0 KiB
| announced | fixed_in | impact | reporter | title | ||
|---|---|---|---|---|---|---|
| July 17, 2007 |
|
High | Michal Zalewski | Unauthorized access to wyciwyg:// documents |
Description
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents.
It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects.
This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++).