Closed
Bug 12182
Opened 25 years ago
Closed 23 years ago
Review JS Console for historic attacks
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
Future
People
(Reporter: norrisboyd, Assigned: security-bugs)
References
Details
The JS Console has had a number of historic attacks. Review the code to ensure that it is secure against those attacks and others.
Comment 1•25 years ago
|
||
Looks like a mid-air collision that wasn't detected - restoring dependency.
Reporter | ||
Updated•25 years ago
|
Target Milestone: M13
Reporter | ||
Comment 2•25 years ago
|
||
No JS Console at the moment. Vidur, is there a bug for creating a JS Console?
Reporter | ||
Updated•25 years ago
|
Target Milestone: M13 → M15
Reporter | ||
Comment 3•25 years ago
|
||
No JS console yet; postpone this bug.
Reporter | ||
Comment 4•25 years ago
|
||
Push security review tasks off until M16.
Target Milestone: M15 → M16
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Reporter | ||
Updated•24 years ago
|
Target Milestone: M16 → M18
Assignee | ||
Comment 7•24 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•24 years ago
|
||
Security reviews and denial-of-service attacks. These will be addressed in the post-beta2 timeframe (unless someone's interested in tackling them earlier?)
Assignee | ||
Comment 10•24 years ago
|
||
Reassigning to jtaylor, who will be doing security reviews.
Assignee: mstoltz → jtaylor
Status: ASSIGNED → NEW
Updated•24 years ago
|
Status: NEW → ASSIGNED
Comment 11•24 years ago
|
||
JS console has a new implementation. Unsure if historic attacks are valid. -> mstoltz.
Assignee: jtaylor → mstoltz
Status: ASSIGNED → NEW
Assignee | ||
Comment 12•24 years ago
|
||
Future, because this deserves looking at but I don't anticipate any major exploits in the newly rewritten JS console, so this is not a ship-stop.
Status: NEW → ASSIGNED
Target Milestone: M18 → Future
Updated•24 years ago
|
QA Contact: czhang → junruh
Assignee | ||
Comment 14•23 years ago
|
||
There's no way for a script to get a reference to the JS COnsole, so I don't think there are any exploits to worry about. Jesse and I can't think of any avenues of attack. We don't have a record of historic attacks against the 4.x JS console, but my guess is they are all irrelevant now. Marking Fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•