Wednesday 14 March 2018

Information Leakage Through Child Tab - Mozilla

Hi Internet,

This bug was marked as RESOLVED and WONTFIX by Mozilla team but it was a good finding and learning for me hope you enjoy the read.
PS: The below issue also work when you are in "Incognito Mode/Private Browsing"
Summary:
You just need to press SHIFT+CTRL+N to restore your session even if you have closed your child tab in Mozilla browser, I may not be able to explain well but here is what i got.

The application which have some services which opens in child tab (Using Auth) and once the user perform his/her activity, and logout from the session or close the child tab, still by pressing SHIFT+CTRL+N open's up the same child tab with information which was feed by the above user, without providing any user creds.

Example 1:
1. Login to blogger.com
2. Navigate to Layout
3. Edit any gadgets from it (Its opens up a child tab)
4. Close the child tab, Logout from Gmail
5. Press SHIFT+CTRL+N you will be able to see the above child tab

Impact and Assumption:
Information leakage, lets suppose a scenario where user feed his/her credit card details or such in child tab. I am not sure, by pressing SHIFT+CTRL+N something like this should happen or not or its working as intended.

Mozilla says:
We allow you to undo close tab in private browsing, so undo'ing closing a window seems straightforward as something we will want to continue doing. Certainly I don't think this is a security issue that needs to stay hidden. The website could defend against this type of thing by checking login state when a page loads.

But, I browsed to many famous services offered over the Internet and this perfectly works over there and application directly allows you to restore back with your session from where you left, Obviously we can't perform any dynamic activity but can view data.

Example 2:
This is one of the well know bank in India which allows users to do netbanking but opens the login portal in child tab,
I logged in as genuine user performed my activity and closed my child tab, hence forth just press SHIFT+CTRL+N and your session will be restored back.

Now, this bank uses only POST method so when I clicked SHIFT+CTRL+N it gave me error of HTTP Method, well I just went to network tab and send the response again in POST method and guess what it gave me 200 OK and response was perfectly shown from where I left.

Here is an example javascript which open Facebook in child tab.

Regards
Dhiraj
Share:

0 coment�rios:

Post a Comment