Re: IE Bug in Javascript Navigator Object

From: Berend-Jan Wever (SkyLinededup.tudelft.nl)
Date: Fri Apr 02 2004 - 05:25:14 CST


You can add properties to any object, that's normal behaviour in IE.
It is a Cross-site scripting (XSS) bug if you can write it on a site on
domain A and read it from another site on domain B. Mitigating factor for
this is that you can not read anything but the properties you've added. I
don't think any site has anything worth stealing hidden in there ;) But it
would be a cool way to implement a pipe across domains, using this property
as a buffer.

Cheers,
SkyLined

----- Original Message -----
From: "Uli Häfele" <uli.haefelemindlab.de>
To: <vuln-devsecurityfocus.com>
Sent: Thursday, April 01, 2004 18:22
Subject: IE Bug in Javascript Navigator Object

> I discovered a strange thing with the MS/IE recently. The Javascript
> Navigator Object can be written by just adding a property.
> The following code used within an html page
>
> <script>
> navigator.myString = "Hello world";
> </script>
>
> adds the property myString to the navigator object.
> The content of the navigator object is existent as long as the current
> Browser window is open.
> I can read the content of the object even from different domains (first
> domain writes the string, second domain reads it)
> Mozilla doesn't allow the navigator object to cross the domain borders.
>
> I'm not even sure if this is a bug. Is this behaviour correct?
>
>
> _________________________________
>
> Access your knowledge
> http://www.mindlab.de/
>
>
>
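A defensive check for the behaviour discussed in this thread, as an added example that is not part of either message: it lists the properties a script has added to a navigator-like object and deletes them, so a page does not read state left behind by an earlier document as trusted. It assumes a current JavaScript engine, where standard navigator members are prototype accessors; `FakeNavigator`, `findExpandos`, `purgeExpandos`, `buildSample` and `demo` are hypothetical names, and the sample object is constructed.

```javascript
// Added example, not code from the thread. Standard navigator members live on
// the prototype as accessors, so any *own* property on the instance is an
// expando that some script added, as navigator.myString is in the post.
function findExpandos(hostObject) {
  const proto = Object.getPrototypeOf(hostObject);
  return Reflect.ownKeys(hostObject).map((key) => {
    const desc = Object.getOwnPropertyDescriptor(hostObject, key);
    return {
      name: String(key),
      kind: 'value' in desc ? typeof desc.value : 'accessor',
      // An expando named like a built-in would shadow it for later readers.
      shadowsBuiltin: proto !== null && key in proto,
      removable: desc.configurable === true,
    };
  });
}

// Delete every removable expando so nothing left behind by an earlier
// document is read as trusted state. Returns the names that could not be removed.
function purgeExpandos(hostObject) {
  const stuck = [];
  for (const key of Reflect.ownKeys(hostObject)) {
    if (!Reflect.deleteProperty(hostObject, key)) stuck.push(String(key));
  }
  return stuck;
}

// Constructed stand-in for the browser object so the example runs offline.
class FakeNavigator {
  get userAgent() { return 'ExampleBrowser/1.0 (constructed)'; }
}
function buildSample() {
  const nav = new FakeNavigator();
  nav.myString = 'Hello world';             // the write from the original post
  Object.defineProperty(nav, 'userAgent', { // expando shadowing a built-in
    value: 'spoofed', configurable: true, enumerable: true });
  return nav;
}

function demo() {
  const nav = buildSample();
  const before = findExpandos(nav);
  const stuck = purgeExpandos(nav);
  return { before, stuck, after: findExpandos(nav), userAgent: nav.userAgent };
}
```

In a browser the same functions can be called on `window.navigator` at page load; a non-empty result on a freshly loaded document means the object carried state in from somewhere else.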