[Feature] Review data: protocol for security

VERIFIED FIXED in M16

Status

()

Core
Security
P3
normal
VERIFIED FIXED
19 years ago
16 years ago

People

(Reporter: Norris Boyd, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
All
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

19 years ago
Make sure the origin is correct on the script execution
from "data:text/html;,<SCRIPT>...</SCRIPT>"
(Reporter)

Updated

19 years ago
Status: NEW → ASSIGNED
Summary: Review data: protocol for security → Review data: protocol for security
Target Milestone: M14
(Reporter)

Updated

19 years ago
Summary: Review data: protocol for security → [Feature] Review data: protocol for security
Target Milestone: M14 → M15
(Reporter)

Comment 1

18 years ago
Push security review tasks off until M16.
Target Milestone: M15 → M16

Comment 2

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
(Reporter)

Comment 3

18 years ago
Check out http://www.nat.bg/~joro/datatrack.html
see bugsplat bug #354219
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
(Assignee)

Updated

18 years ago
Status: NEW → ASSIGNED

Comment 4

18 years ago
Changing Qa contact to myself.
QA Contact: dshea → junruh
(Assignee)

Comment 5

18 years ago
Mitchell,

Mitchell Stoltz wrote:
> 
> Georgi,
>     You mentioned in a status report that hou have reviewed the data:
> protocol for security recently. Are we still vulnerable to this exploit?
> 

I double checked this potential vulnerability. It is fixed and I can
confirm it does not work on build 2000051520.

Regards,
Georgi Guninski

Marking bug RESOLVED as per Guninski.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 6

18 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Updated

16 years ago
Blocks: 144766
You need to log in before you can comment on or make changes to this bug.