WYCIWYG is an acronym for What You Cache Is What You Get. It is more commonly seen as wyciwyg:// in the address bar of Gecko-based Web browsers such as Mozilla Firefox when the browser is retrieving cached information.
Usage
Mozilla Firefox implements a unique, strictly internal wyciwyg:// pseudo-URI scheme to sort and later reference locally cached pages that were generated or modified by client-side scripts (a common practice for Web 2.0 sites).[1]
Security Issues
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents. wyciwyg:// documents could be accessed without proper same-origin policy checks through the use of HTTP 302 redirects. This enabled an attacker to steal sensitive data displayed on dynamically generated pages, perform cache poisoning, and execute their own code or display their own content with the URL bar and SSL certificate data of the attacked page (URL spoofing).[2]
This security issue was announced on 17 July 2007 as a high-severity vulnerability and was fixed in Firefox 2.0.0.5 and SeaMonkey 1.1.3.
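The issue above hinges on a server-sent redirect reaching a scheme that is meant to be strictly internal to the browser. The following is an added example, not code from the article or from Mozilla: a check a proxy or log-review script could run over HTTP response heads to flag redirects whose Location header targets the wyciwyg: scheme. The sample responses are constructed, and the wyciwyg://0/<original URL> form used in them is an assumption about how such a URL looks.

```python
import re
from urllib.parse import unquote

# Browser-internal schemes a web server has no reason to redirect to.
# Only "wyciwyg" comes from the article; the set makes it easy to extend.
INTERNAL_SCHEMES = {"wyciwyg"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")

def parse_response_head(raw):
    """Return (status_code, {lowercased header name: value}) for a raw response head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    m = STATUS_RE.match(lines[0])
    if not m:
        raise ValueError("not an HTTP response head")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def redirect_scheme(location):
    """Scheme of a Location value, normalised for case, whitespace and %-encoding."""
    decoded = unquote(location).strip()
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", decoded)
    return m.group(1).lower() if m else None  # None for relative redirects

def is_suspicious_redirect(raw):
    """True when a 3xx response redirects to a browser-internal scheme."""
    status, headers = parse_response_head(raw)
    if status not in REDIRECT_CODES or "location" not in headers:
        return False
    return redirect_scheme(headers["location"]) in INTERNAL_SCHEMES

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "benign": "HTTP/1.1 302 Found\r\nLocation: https://example.com/home\r\n\r\n",
    "internal": "HTTP/1.1 302 Found\r\nLocation: WYCIWYG://0/https://example.com/account\r\n\r\n",
    "encoded": "HTTP/1.1 302 Found\r\nlocation:  wyciwyg%3A//0/https://example.com/account\r\n\r\n",
    "not_redirect": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: suspicious={is_suspicious_redirect(raw)}")
```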
References
- Bugzilla entry bug #387333 - [FIX]unauthorized access to wyciwyg:// documents possible
This entry is from Wikipedia, the leading user-contributed encyclopedia.




