Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Phishing by Navigating Browser Tabs

Severity: Low
Summary#

Invicti identified possible phishing by navigating browser tabs but was unable to confirm the vulnerability.

Open windows with normal hrefs with the tag target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin.

Impact#

While this vulnerability doesn't allow script execution, it does allow phishing attacks that silently replace the parent tab. If the links lack rel="noopener noreferrer" attribute, a third party site can change the URL of the source tab using window.opener.location.assign and trick the users into thinking that they’re still in a trusted page and lead them to enter their sensitive data on the malicious website.

Remediation#
  • Add rel=noopener to the links to prevent pages from abusing window.opener. This ensures that the page cannot access the window.opener property in Chrome and Opera browsers.

  • For older browsers and in Firefox, you can add rel=noreferrer which additionally disables the Referer header.
<a href="..." target="_blank" rel="noopener noreferrer">...</a>
Classifications#
, , , ,

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A5 OWASP 2017-A6

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works