Closed Bug 13017 Opened 21 years ago Closed 21 years ago

Vulnerability in XPConnect: GetLastPageVisted()

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

()

Details

There is a security vulnerability in build 1999082116 (guess others) which
allows reading the last page in history using XPConnect.
This may be dangerous, especially if embeded in an email message.
Currently GetLastPageVisted() is broken - bug
http://bugzilla.mozilla.org/show_bug.cgi?id=12872

The code is:

var
o=Components.classes['component://netscape/browser/global-history'].getService()
;
o=o.QueryInterface(Components.interfaces.nsIGlobalHistory);
dump("------------\n");
dump(o.GetLastPageVisted());
dump("\n------------\n");
Status: NEW → ASSIGNED
Depends on: 7261
Once access to the Components array is restricted this bug will be fixed.
Target Milestone: M14
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
No longer depends on: 7261
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.