[cap-talk] Security considerations for cookies
David Wagner
daw at cs.berkeley.edu
Wed Feb 17 10:04:09 PST 2010
Mark Seaborn wrote:
>What's not clear to me is which tabs you're saying the attacker can
>navigate. Suppose the browser has two tabs open:
> * Tab A: https://webmail.com/users-webmail-webkey
> * Tab B: https://attacker.com
[...]
>Are you saying that the attacker can also cause tab A to navigate to an
>attacker-supplied web-key?
Adam can give you an authoritative answer. I think it depends
upon the provenance of Tab A (how it was opened). I highly recommend
this paper (Adam is a co-author):
http://www.adambarth.com/papers/2008/barth-jackson-mitchell.pdf

Also, Google's Browser Security Handbook is often a useful resource
for these kinds of questions, although it doesn't seem to have very
clear coverage of frame/tab navigation issues:
http://code.google.com/p/browsersec/wiki/Main

I have a recollection that script from Tab A can navigate Tab B if
Tab A opened Tab B, but I'm not certain about that. I also have a
vague recollection that Tab A may be able to navigate Tab B if Tab B
was opened with a name that is guessable or known to Tab A. But see
Adam's paper for the definitive answers; I'm just going from memory,
and my memory is probably wrong. It's tricky and at times
counter-intuitive (at least for me). Don't you just love web
security?