Closed
Bug 370501
Opened 18 years ago
Closed 18 years ago
XPInstall whitelist bypass using location.hostname vulnerability
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dveditz, Assigned: dveditz)
References
Details
(Keywords: fixed1.8.0.10, fixed1.8.1.2, Whiteboard: [sg:nse])
Attachments
(1 file)
|
439 bytes,
text/html
|
Details |
Another way the vulnerability in bug 370445 can be abused is to bypass the XPInstall whitelist. This bug is simply a holding place for testcases I want to verify as fixed without posting them to a public bug. I bet you could mess with global storage from another domain as well.
Flags: blocking1.8.1.2+
Flags: blocking1.8.0.10+
|
Assignee | |
Comment 1•18 years ago
|
||
I couldn't read from another site's area, but I think I broke global storage for them by trying. I haven't debugged it yet, but trying to write into the area for google.com leaves the google site with what appears to be only session storage. Global storage areas for other sites continue to work.
|
|
Assignee | |
Comment 2•18 years ago
|
||
This is fixed by the patch in bug 370445
Keywords: fixed1.8.0.10,
fixed1.8.1.2
|
|
Assignee | |
Updated•18 years ago
|
Whiteboard: [sg:nse]
|
|
Assignee | |
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•