Step to reproduce: 1) Launch https://mallory.csrf.jp/importscripts/ 2) If "token_1234" is shown in console the flaw is reproduced. In above page, the document runs a Worker and the Worker loads a cross-origin text data as a script file through importScripts(). But the text data is not a valid script so Firefox fires ReferrenceError. Then, the error message contains some fragments of the text and the Worker can get the data with try-catch. In above example the ReferrenceError message contains "token_1234", as shown below, that is loaded from the other origin. ReferenceError: token_1234 is not defined
The similar bug seems to be fixed yesterday by the following commit for mozilla-central. http://hg.mozilla.org/mozilla-central/rev/37c0bb092ec2 If the patch has already been included in the latest Nightly the patch may not be enough to fix.
I think from a spec point of view this is OK.
What do we do on main thread?
The following is a document that loads same cross-origin text with <script> on the main thread. https://mallory.csrf.jp/importscripts/script.html The same error message "ReferenceError: token_1234..." is shown on the console but it's log type is "JS", so any user scripts on the document cannot retrieve this message. However in case of importScripts the same message is set to an exception object and it can be retrieved by user scripts through catch clause.
IIRC, baku discussed about this with bz, and there were some spec bugs, right?
Flags: needinfo?(bugs) → needinfo?(amarchesini)
(In reply to Muneaki Nishimura from comment #1) > The similar bug seems to be fixed yesterday by the following commit for > mozilla-central. > http://hg.mozilla.org/mozilla-central/rev/37c0bb092ec2 That patch was incorrect and did not fix the bug it was intended to fix.
bug 1160890 fixes this issue as well. But I want to write a test before closing this as duplicate.
Assignee: nobody → amarchesini
This bug is not exactly a duplicate of bug 1160890, but the patch proposed for the first bug fixes this one too.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2015-7215
You need to log in before you can comment on or make changes to this bug.