Closed
Bug 13838
Opened 25 years ago
Closed 25 years ago
missing property checks
Categories
(Core :: Security, defect, P3)
VERIFIED
FIXED
M14
People
(Reporter: norrisboyd, Assigned: norrisboyd)
Need preference names for
  document.length
  document.<form name> (for each named form)
  reflectedJavaClass (for each Java class reflected into JavaScript using LiveConnect)

Need to protect against write:
  htmldocument.images
  nshtmldocument.alinkcolor
  nshtmldocument.linkcolor
  nshtmldocument.vlinkcolor
  nshtmldocument.bgcolor
  nshtmldocument.fgcolor
  nshtmldocument.layers
  nshtmldocument.plugins
  htmldocument.body
  nshtmldocument.alinkcolor
  nshtmldocument.linkcolor
  nshtmldocument.vlinkcolor
  nshtmldocument.bgcolor
  nshtmldocument.fgcolor
  htmldocument.close
  nshtmldocument.getselection
  nshtmldocument.nameditem
  nshtmldocument.open
  nshtmldocument.write
  nshtmldocument.writeln

Also, what about properties only accessible to signed scripts?
Assignee
Updated•25 years ago
Status: NEW → ASSIGNED
Assignee
Updated•25 years ago
Target Milestone: M12
Assignee
Comment 1•25 years ago
A good link as well is http://warp.mcom.com/hardcore/prj-seca/javascript/js.html for the properties protected by capabilities.
Assignee
Updated•25 years ago
Target Milestone: M12 → M13
Assignee
Comment 2•25 years ago
Now we should have document properties protected against write.
Assignee
Comment 3•25 years ago
With the changes I just checked in, we should have all the protections of 4.x as specified in http://warp.mcom.com/hardcore/prj-seca/javascript/js.html except for layers (not implemented in 5.x), events (implemented differently), and window sizing and movement. Will hold this bug open for window sizing and movement. There's already a bug open for event capture.
Assignee
Updated•25 years ago
Target Milestone: M13 → M14
Assignee
Comment 4•25 years ago
These bugs didn't make M13, postpone until M14.
Assignee
Comment 5•25 years ago
I believe that all property checks should now be performed, with the notable exception of window properties. I've opened bug 25117 for them and will mark this bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General