Status

()

Core
Security
P3
normal
VERIFIED FIXED
18 years ago
10 years ago

People

(Reporter: joro, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
x86
Windows 95
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [nsbeta2+], URL)

(Reporter)

Description

18 years ago
There is a vulnerability, which allows spoofing frames.
The code is:
------------------------------------------
<SCRIPT>
b=window.open("http://www.citybank.com");
setTimeout('b.frames[2].location="http://www.mozilla.org";',6000);
</SCRIPT>
------------------------------------------
Communicator 4.7 gives security error on this.

Updated

18 years ago
Status: NEW → ASSIGNED
Target Milestone: M15

Comment 1

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Updated

18 years ago
Keywords: beta2

Comment 2

18 years ago
I don't see signs of progress for M15, and since Norris is out this week, I'm 
pushing this to M16 (so that we can branch)
Target Milestone: M15 → M16

Updated

18 years ago
Target Milestone: M16 → M17

Updated

18 years ago
Keywords: nsbeta2
(Assignee)

Comment 3

18 years ago
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW

Comment 4

18 years ago
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: [nsbeta2+]

Comment 5

18 years ago
Changed QA contact to Cathy.
QA Contact: junruh → czhang
(Assignee)

Comment 6

18 years ago
I have reproduced this bug. Looks like, for whatever reason, we don't check
writing to "location", only reading.
Status: NEW → ASSIGNED

Comment 7

18 years ago
Assigning QA to czhang
(Assignee)

Comment 8

18 years ago
This will be fixed by defaulting to sameOrigin; otherwise, we need to check
location.href.write as well as .read.
Group: netscapeconfidential?
Depends on: 28443

Comment 9

18 years ago
Looks fixed with 7/6 build on NT. Try new testcase:
http://rocknroll/users/jtaylor/publish/TestCases/xdomain/frames.html
(Assignee)

Comment 10

18 years ago
Fix confirmed by jtaylor. Marking FIXED.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 11

18 years ago
verified
Status: RESOLVED → VERIFIED
(Assignee)

Comment 12

17 years ago
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Test for this got added in bug 408052.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.