Closed Bug 162945 Opened 22 years ago Closed 22 years ago

Can't fetch addresses from yahoo address book

Categories

(Core :: Security: CAPS, defect)

RESOLVED DUPLICATE of bug 160339

People

(Reporter: schottw, Assigned: security-bugs)

When using yahoo mail to compose a new message, I click on the To: link and it
calls up my address book.  I then check off one address and click the "Insert
Checked Contacts" button at the top of the screen.
At this time, the address book window goes blank but never closes nor does it
return the addresses to the message being composed.
This feature worked OK in the ".99" build, but has failed since I upgraded to
1.1b (2002072203).  I downloaded build 2002081508 and did another test but it
still fails.

This is a security issue. It may be that we are preventing yahoo from doing
something that would allow untrusted sites to compromise security, or it may
be a bug in our implementation. I'm not sure.

Here's the rough draft of what happens. First, you get the compose window,
which is at the URL

  http://us.f129.mail.yahoo.com/ym/Compose?queryString...

Then you popup your address book, which is at URL:

  http://us.address.mail.yahoo.com/yab2/us?queryString...

You check the names you want, then click on "Insert Checked Contacts".
This submits the form from the address book window and returns the document
from URL:

  http://us.f129.mail.yahoo.com/ym/KioskAB?queryString...

This returns a script which does the following:

  document.domain = "us.f129.mail.yahoo.com";
  if (window.opener.document.Compose == null) {
      /* if compose window not there, open new one given to, cc, and bcc */
  } else {
      /* otherwise, call AddTo() to help fill out fields */
      AddTo('To', '"Baz Bar" <bazbar@foo.com>');
  }
  setTimeout('window.close()', 100);

where AddTo() tries to set the 'To' field in the 'Compose' form of the 
compose window. 

This throws a JS exception (either in the null check above, or when it 
tries to manipulate the form in the other window):

  Error: uncaught exception: Permission denied to get 
         property HTMLDocument.Compose

I'm not sure whether this should or should not be allowed.
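
An added illustration, not part of the original comment and not Mozilla's code: a simplified JavaScript model of the "same origin-domain" comparison as the HTML Standard defines it today, applied to the URLs quoted above. Whether the compose window set `document.domain` is not stated in this bug, so the model takes that as a parameter; the function names are hypothetical and public-suffix checks are omitted.

```javascript
// Simplified model of the HTML Standard's "same origin-domain" check.
// `domain` stays null until the page assigns document.domain.
function makeOrigin(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port, domain: null };
}

// document.domain may only be set to the current host or a parent suffix of it.
function setDocumentDomain(origin, value) {
  const allowed = origin.host === value || origin.host.endsWith("." + value);
  if (!allowed) {
    throw new Error("SecurityError: " + value + " is not a suffix of " + origin.host);
  }
  return { ...origin, domain: value };
}

function sameOriginDomain(a, b) {
  if (a.scheme !== b.scheme) return false;
  // Both sides opted in: compare the relaxed domains only (port is ignored).
  if (a.domain !== null && b.domain !== null) return a.domain === b.domain;
  // Only one side opted in: never equal, even when the hosts are identical.
  if (a.domain !== null || b.domain !== null) return false;
  // Neither side opted in: ordinary same-origin comparison.
  return a.host === b.host && a.port === b.port;
}

// The KioskAB popup sets document.domain to its own host, as in the script above.
// Assumption: the opener's behaviour is unknown, so it is a parameter here.
function kioskCanReadCompose(openerSetsDomain) {
  let compose = makeOrigin("http://us.f129.mail.yahoo.com/ym/Compose");
  let kiosk = makeOrigin("http://us.f129.mail.yahoo.com/ym/KioskAB");
  kiosk = setDocumentDomain(kiosk, "us.f129.mail.yahoo.com");
  if (openerSetsDomain) {
    compose = setDocumentDomain(compose, "us.f129.mail.yahoo.com");
  }
  return sameOriginDomain(kiosk, compose);
}

console.log("opener did not set document.domain:", kioskCanReadCompose(false));
console.log("opener set the same document.domain:", kioskCanReadCompose(true));
```

Under this model the one-sided assignment is what blocks `window.opener.document.Compose`, even though both documents are served from the same host.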

-> Security, cc: susiew, jaimejr based on the large user base this affects.

Assignee: hewitt → mstoltz
Status: UNCONFIRMED → NEW
Component: JavaScript Console → Security: CAPS
Ever confirmed: true
Keywords: nsbeta1
OS: MacOS X → All
QA Contact: jrgm → bsharma
Hardware: Macintosh → All

Even though this is a dupe, that's a great description of the issue.

*** This bug has been marked as a duplicate of 19130 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE

You mean duplicate of bug http://bugzilla.mozilla.org/show_bug.cgi?id=160339
Status: RESOLVED → VERIFIED

Duh, yes sorry.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---

*** This bug has been marked as a duplicate of 160339 ***
Status: REOPENED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE