Closed
Bug 115959
Opened 23 years ago
Closed 23 years ago
javascript: urls should be blocked from becoming the home page
Categories
(Core :: Security, defect)
People
(Reporter: Morten, Assigned: security-bugs)
Setting a user's homepage to javascript:window.close() isn't limited, and this opens up the possibility of malicious use... I haven't tested every possibility, but this really should be blocked off completely.

Scenarios:
1) Somebody on a remote system or on the local system could slip javascript:window.close() in as a profile's homepage through various .js files with user_pref().
2) A javascript link on a page could set the homepage, and then proceed to another URL. (The user might get a dialogue, but could press OK without thinking...)

Additionally, mozilla should not allow itself to be started with javascript:window.close();

mozilla javascript:window.close()

These problems can be misused, and would give the user the impression that mozilla is broken...
Comment 1•23 years ago
This is _so_ not prefs back end. Over to security.
Assignee: bnesse → mstoltz
Component: Preferences: Backend → Security: General
QA Contact: sairuh → bsharma
Comment 2•23 years ago (Assignee)
The best way to fix this is probably bug 32571. I'm working on that one right now. With that fix, javascript will not be able to close windows that weren't opened by script without a confirmation dialog appearing, as was the case in NS4.

As for the points you made:
1) There shouldn't be any way for a remote attacker to change the user's homepage without the user's consent. If such an attack were possible, then the attacker could do *much* more damage than simply resetting the home page. We can't do anything to protect against an attacker sitting at the user's own home system - again, there are much worse things that can be done in that situation (c:\ format c, for example).
2) A script cannot change the user's homepage without presenting a dialog. If the user were to "press OK without thinking," then we can't protect them.

Anyway, bug 32571 should alleviate your concerns, marking dup.

*** This bug has been marked as a duplicate of 32571 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
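The check the reporter asks for can be sketched as a scheme allowlist applied to home page values found in user_pref() lines. This is an added example, not part of this bug or of Mozilla's code; the pref name `browser.startup.homepage`, the allowlist, the helper names and the sample prefs text are assumptions made for illustration.

```javascript
// Added example: audit prefs.js text for home page values with a scripted scheme.
// Assumptions: the pref name and allowlist below are illustrative choices.
const HOMEPAGE_PREF = "browser.startup.homepage";
const ALLOWED_SCHEMES = new Set(["http:", "https:", "file:", "about:"]);

// Return the lowercase scheme ("javascript:") or null when the value has none.
// The WHATWG URL parser trims leading whitespace and drops embedded tabs and
// newlines, so " JaVa\tScript:..." is classified the way a browser sees it.
function schemeOf(value) {
  try {
    return new URL(value).protocol;
  } catch (e) {
    return null; // no scheme, e.g. "www.example.org"
  }
}

function isAllowedHomepage(value) {
  const scheme = schemeOf(value);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Undo JS string escapes in a pref value; fall back to the raw text if the
// escape is not one JSON.parse understands.
function unescapeJs(s) {
  try { return JSON.parse('"' + s + '"'); } catch (e) { return s; }
}

// Find every user_pref() line that sets the home page and report rejected values.
function auditPrefs(text) {
  const re = /user_pref\(\s*"([^"]+)"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)/g;
  const findings = [];
  for (const m of text.matchAll(re)) {
    if (m[1] !== HOMEPAGE_PREF) continue;
    const value = unescapeJs(m[2]);
    if (!isAllowedHomepage(value)) findings.push({ value, scheme: schemeOf(value) });
  }
  return findings;
}

// Constructed sample input, not taken from a real profile.
const SAMPLE_PREFS = [
  'user_pref("browser.startup.homepage", "http://www.example.org/");',
  'user_pref("browser.startup.homepage", "javascript:window.close()");',
  'user_pref("browser.startup.homepage", " JaVa\\tScript:window.close()");',
  'user_pref("browser.startup.page", 1);',
].join("\n");

console.log(auditPrefs(SAMPLE_PREFS));
```

The same `isAllowedHomepage` test applies to a URL passed on the command line, the other entry point the reporter names.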