Closed Bug 23333 Opened 25 years ago Closed 25 years ago

Executing local .js files using HTTP redirect

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

It is possible to execute local .js files using HTTP redirect.
Executing local .js is dangerous because it may read user's preferences.
Communicator 4.7 does not allow this.
The code is:
----------------------------------------------------
<SCRIPT SRC="http://www.nat.bg/~joro/reject.cgi?mozilla/js"></SCRIPT>
// "http://www.nat.bg/~joro/reject.cgi?mozilla/js" Just does a HTTP redirect to
"file:///c|/"
----------------------------------------------------
Status: NEW → ASSIGNED
Target Milestone: M15
Target Milestone: M15 → M14
Refresh and redirect are now subject to URI checks.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.