Number Properties exposed by the Window Object?

Tests across different browsers for the Number properties exposed by the Window Object. Can be used in attack vectors which uses Global variables in code.

By
skeptic_fx 1 Seen 617 times
Tags
window global number integer
Run this test now.

Results


Tested on
Chrome - 65 - Windows 7
NameValue
length0
innerWidth1149
innerHeight999
scrollX0
pageXOffset0
scrollY0
pageYOffset0
screenX212
screenY24
outerWidth1198
outerHeight828
devicePixelRatio1
screenLeft212
screenTop24
TEMPORARY0
PERSISTENT1

Tested on
Firefox - 47 - Windows 7
NameValue
length0
innerWidth1333
innerHeight999
scrollX0
pageXOffset0
scrollY0
pageYOffset0
screenX-8
screenY-8
outerWidth1382
outerHeight744
mozInnerScreenX0
mozInnerScreenY0
devicePixelRatio1
scrollMaxX0
scrollMaxY0
mozPaintCount0

Tested on
Unknown Browser - Unknown Version - Unknown OS
NameValue
outerHeight679
pageYOffset0
screenLeft108
innerHeight585
outerWidth1277
devicePixelRatio2
scrollX0
screenY22
screenTop22
pageXOffset0
length0
scrollY0
innerWidth1277
screenX108

Tested on
Googlebot - 2.1 - undefined
NameValue
devicePixelRatio1
length0
pageYOffset0
pageXOffset0
scrollY0
scrollX0
screenTop0
screenLeft0
screenY0
screenX0
innerWidth1008
innerHeight999
outerWidth1024
outerHeight1024
TEMPORARY0
PERSISTENT1

Tested on
IE Mobile - 10 - Windows Phone 8
NameValue
maxConnectionsPerServer6
screenLeft0
screenTop0
innerHeight522
innerWidth1024
outerHeight522
outerWidth1024
pageXOffset0
pageYOffset0
screenX1000
screenY1000
length0
animationStartTime471.17555555556
msAnimationStartTime471.17555555556

Tested on
Chrome Mobile - 41 - Android
NameValue
devicePixelRatio2.625
length0
pageYOffset0
pageXOffset0
scrollY0
scrollX0
screenTop0
screenLeft0
screenY0
screenX0
innerWidth964
innerHeight999
outerWidth412
outerHeight732
TEMPORARY0
PERSISTENT1

Tested on
Opera - 47 - Windows 10
NameValue
length0
innerWidth1643
innerHeight999
scrollX0
pageXOffset0
scrollY0
pageYOffset0
screenX27
screenY47
outerWidth1770
outerHeight1055
devicePixelRatio1
screenLeft27
screenTop47
TEMPORARY0
PERSISTENT1

User Script (ENUM_FUNCTION)

					
function test(data){
// data is the input variable that is supplied from the Enumeration List.

// For this module, we don't process the input data.
addResult(data.prop, data.val);

}
					
				

Enum Data (ENUM_FUNCTION)

					
var data = []; // This Array is going to be populated with our enumeration result.
var x;
for(x in window){
  if(typeof window[x] == "number"){
    var obj = {};
    obj.prop = x;
    obj.val = window[x];
    data.push(obj);
  }
}

// what if the array is empty now?
if(data.length === 0){
    var obj = {};
    obj.prop = 'This browser doesn\'t have any Number properties on the Window Object';
    obj.val = ''; // Empty data
    data.push(obj);
}