Closed Bug 13838 Opened 25 years ago Closed 25 years ago

missing property checks

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
All
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

Details

Need preference names for
	document.length
	document.<form name> (for each named form)
	reflectedJavaClass (for each Java class reflected
			    into JavaScript using LiveConnect)
  Need to protect against write:
    htmldocument.images
    nshtmldocument.alinkcolor
    nshtmldocument.linkcolor
    nshtmldocument.vlinkcolor
    nshtmldocument.bgcolor
    nshtmldocument.fgcolor
    nshtmldocument.layers
    nshtmldocument.plugins
    htmldocument.body
    nshtmldocument.alinkcolor
    nshtmldocument.linkcolor
    nshtmldocument.vlinkcolor
    nshtmldocument.bgcolor
    nshtmldocument.fgcolor
    htmldocument.close
    nshtmldocument.getselection
    nshtmldocument.nameditem
    nshtmldocument.open
    nshtmldocument.write
    nshtmldocument.writeln

also, what about properties only accessible to signed scripts?
Status: NEW → ASSIGNED
Blocks: 12633
Target Milestone: M12
A good link as well is http://warp.mcom.com/hardcore/prj-seca/javascript/js.html
for the properties protected by capabilities.
Target Milestone: M12 → M13
Now we should have document properties protected against write.
With the changes I just checked in, we should have all the protections of 4.x as
specified in http://warp.mcom.com/hardcore/prj-seca/javascript/js.html except
for layers (not implemented in 5.x), events (implemented differently), and
window sizing and movement.

Will hold this bug open for window sizing and movement. There's already a bug
open for event capture.
Target Milestone: M13 → M14
These bugs didn't make M13, postpone until M14.
I believe that all property checks should now be performed, with the notable
exception of window properties. I've opened bug 25117 for them and will mark
this bug fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
Verified per norris' comments.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.