[Feature] Javascript can execute in any file regardless of extension

VERIFIED DUPLICATE of bug 55731

Status

()

P3
normal
VERIFIED DUPLICATE of bug 55731
19 years ago
10 years ago

People

(Reporter: morse, Assigned: norrisboyd)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

19 years ago
Create a file with the following content

   <SCRIPT>alert('Oops')</SCRIPT>

and name it abc.xyz.  Open that file in the 5.0 browser and the javascript will
execute.  This should not happen -- only files with certain extensions such as
.html should be capable of executing javascript.

This bug can be used as the basis of a security attack (see bug 9419)
(Reporter)

Updated

19 years ago
Blocks: 9419

Updated

19 years ago
Assignee: gagan → morse

Comment 1

19 years ago
steve why do you think this is Necko?

Comment 2

19 years ago
BTW extensions should not control javascript execution.
(Reporter)

Updated

19 years ago
Assignee: morse → norris
(Reporter)

Comment 3

19 years ago
Assigning to Norris so that he can find the real owner of this bug.
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
Target Milestone: M14

Comment 4

19 years ago
Bulk move of all Necko (to be deleted component) bugs to new Networking

component.
(Assignee)

Updated

19 years ago
Summary: Javascript can execute in any file regardless of extension → [Feature] Javascript can execute in any file regardless of extension
(Reporter)

Comment 5

19 years ago
Norris, why did you add "[FEATURE]" to the summary line.  I wasn't asking for a
feature here, rather I was asking to close what could be a security hole.  In
4.x you couldn't execute javascript in any file but rather only in ones with
certain extensions.  That's why I reported this as a bug, not a feature request.
(Assignee)

Updated

19 years ago
Target Milestone: M14 → M15
(Reporter)

Updated

19 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 6

19 years ago
Hey, guess what!  This bug is no more.  I just tested it out and now it works
fine.  Here I've had bug 9419 blocked by this and didn't realize that it was
working fine.

Closing it out as works-for-me.

Updated

19 years ago
Keywords: verifyme

Comment 7

19 years ago
This is working for me too. I created a .txt file with the alert and it was not
executed. [bugday]marking verified. worksforme on winNT build 2000022908.
Status: RESOLVED → VERIFIED

Updated

19 years ago
No longer blocks: 9419
(Reporter)

Comment 8

18 years ago
Turns out this bug wasn't fixed after all.  See bug 55731.  Reopening and 
duping.
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Comment 9

18 years ago

*** This bug has been marked as a duplicate of 55731 ***
Status: REOPENED → RESOLVED
Last Resolved: 19 years ago18 years ago
Resolution: --- → DUPLICATE

Comment 10

18 years ago
Verified dupe.
Status: RESOLVED → VERIFIED

Updated

10 years ago
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.