Closed Bug 16521 Opened 20 years ago Closed 20 years ago
Scripts in mail messages run from wrong origins
Subject: Re: [Fwd: [Fwd: structure of XUL document containing message]] Date: Fri, 15 Oct 1999 11:28:26 -0700 From: firstname.lastname@example.org (David Hyatt) To: Norris Boyd <email@example.com> References: 1 Sandboxing is based off an attribute... <html:iframe/> is not sandboxed <html:iframe type="content"/> and <html:iframe type="content-primary"/> are. layout/html/document/src/nsFrameFrame.cpp is where the sandboxing is set up on the nsWebShell. If you plan to muck around with this sandboxing code, let me know. I'll want to review changes. Dave Norris Boyd wrote: Is it the case that HTML frames contained inside chrome containers can't reach outside their frame? Is that the mechanism by which web content is embedded in the XUL chrome for the browser? Thanks, Norris
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Guninski's bug has an exploit and is thus verifiable. Closing this bug in favor of his. *** This bug has been marked as a duplicate of 16672 ***
Bulk moving all MailNews Security bugs to new Security: General component. The previous Security component for MailNews will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.