Vulnerability in XPConnect: GetLastPageVisted()

VERIFIED FIXED in M14

Status

()

defect
P3
normal
VERIFIED FIXED
20 years ago
2 years ago

People

(Reporter: joro, Assigned: norrisboyd)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

()

Reporter

Description

20 years ago
There is a security vulnerability in build 1999082116 (guess others) which
allows reading the last page in history using XPConnect.
This may be dangerous, especially if embeded in an email message.
Currently GetLastPageVisted() is broken - bug
http://bugzilla.mozilla.org/show_bug.cgi?id=12872

The code is:

var
o=Components.classes['component://netscape/browser/global-history'].getService()
;
o=o.QueryInterface(Components.interfaces.nsIGlobalHistory);
dump("------------\n");
dump(o.GetLastPageVisted());
dump("\n------------\n");
Assignee

Updated

20 years ago
Status: NEW → ASSIGNED
Depends on: 7261
Assignee

Comment 1

20 years ago
Once access to the Components array is restricted this bug will be fixed.
Assignee

Updated

20 years ago
Target Milestone: M14
Assignee

Updated

20 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 20 years ago
Resolution: --- → FIXED

Comment 2

20 years ago
Verified fixed.
Status: RESOLVED → VERIFIED
No longer depends on: 7261

Comment 3

20 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.