Closed
Bug 23333
Opened 25 years ago
Closed 25 years ago
Executing local .js files using HTTP redirect
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
It is possible to execute local .js files using HTTP redirect. Executing local .js is dangerous because it may read user's preferences. Communicator 4.7 does not allow this. The code is: ---------------------------------------------------- <SCRIPT SRC="http://www.nat.bg/~joro/reject.cgi?mozilla/js"></SCRIPT> // "http://www.nat.bg/~joro/reject.cgi?mozilla/js" Just does a HTTP redirect to "file:///c|/" ----------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M15
Assignee | ||
Updated•25 years ago
|
Target Milestone: M15 → M14
Assignee | ||
Comment 1•25 years ago
|
||
Refresh and redirect are now subject to URI checks.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•