Bug 268820 (Closed)
Opened 20 years ago
Closed 20 years ago
javascript: urls are allowed in 'live bookmarks' rss feeds
Categories
(Firefox :: Bookmarks & History, defect)
VERIFIED
DUPLICATE
of bug 265668
People
(Reporter: uamjet602, Assigned: vlad)
Details
(Whiteboard: [sg: dupe 265668])
Description

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
If you create an RSS feed and enter a javascript: URL as one of the links, it will be
executed with elevated rights (not sure if they are chrome rights or the rights
of the page currently being displayed).
Reproducible: Always
Steps to Reproduce:
1. Create an RSS feed
2. Change one of the <link> tags to a javascript: URL
3. Follow the link from the menu
Actual Results:
The JavaScript was run; I used the code which is in the URL field. My cookie was
displayed.
Expected Results:
JavaScript URLs (any unsafe URLs, actually) should be blocked.
Don't try this on a page whose cookies you need to be secure (for instance this
page), they will be revealed and displayed to other users.
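The check the expected result asks for, shown as an added example that is not Firefox's code: a scheme allowlist applied to every feed <link> target before it becomes a bookmark. The feed text, the base URL and the function names (sanitizeFeedLink, extractFeedLinks) are constructed here for illustration. The example relies on the WHATWG URL parser (Node's global URL class) to normalize scheme case, strip leading whitespace and drop embedded tab/newline characters before the scheme is compared, which is why a naive string-prefix check on the raw text is not used.

```javascript
// Added example, not Firefox's live-bookmarks code. Assumes Node.js with the
// global WHATWG URL class. Only URL schemes in this allowlist may become
// bookmark targets; javascript:, data:, vbscript: and anything unknown are dropped.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'ftp:']);

// Return a normalized absolute URL string for one feed link, or null if the
// link must be discarded. feedBase is the URL the feed itself was fetched from,
// so that relative <link> values resolve the way a browser would resolve them.
function sanitizeFeedLink(raw, feedBase) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    // The WHATWG parser lower-cases the scheme, strips leading/trailing C0
    // controls and spaces, and removes embedded tabs and newlines, so
    // "  JavaScript:..." and "java\nscript:..." both parse as javascript:.
    url = new URL(raw, feedBase);
  } catch (e) {
    return null; // unparseable input is not a usable bookmark target
  }
  return SAFE_SCHEMES.has(url.protocol) ? url.href : null;
}

// Pull every <link> element out of an RSS document (a deliberately small
// regex-based extractor, not a full XML parser) and run each through the
// allowlist. Each result keeps the raw text next to the sanitized value so a
// caller can log what was rejected.
function extractFeedLinks(rssXml, feedBase) {
  const links = [];
  const re = /<link>([\s\S]*?)<\/link>/gi;
  let m;
  while ((m = re.exec(rssXml)) !== null) {
    links.push({ raw: m[1], safe: sanitizeFeedLink(m[1], feedBase) });
  }
  return links;
}

// Constructed sample feed (hypothetical): one good absolute link, one relative
// link, and several hostile variants of the javascript:/data: schemes.
const SAMPLE_FEED = `<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Constructed feed</title>
  <link>https://example.com/</link>
  <item><title>ok</title><link>https://example.com/post/1</link></item>
  <item><title>relative</title><link>/post/2</link></item>
  <item><title>js</title><link>javascript:alert(document.cookie)</link></item>
  <item><title>js-case</title><link>  JavaScript:alert(1)</link></item>
  <item><title>js-split</title><link>java
script:alert(1)</link></item>
  <item><title>data</title><link>data:text/html,&lt;script&gt;alert(1)&lt;/script&gt;</link></item>
</channel></rss>`;

const SAMPLE_BASE = 'https://example.com/feed.xml';

// Convenience wrapper: the raw text of every link the allowlist rejected.
function rejectedFeedLinks(rssXml, feedBase) {
  return extractFeedLinks(rssXml, feedBase)
    .filter((l) => l.safe === null)
    .map((l) => l.raw);
}

for (const l of extractFeedLinks(SAMPLE_FEED, SAMPLE_BASE)) {
  console.log(l.safe === null ? 'DROP' : 'KEEP', JSON.stringify(l.raw), '->', l.safe);
}
```

Checking `url.protocol` after parsing, rather than inspecting the raw string, is the point: the parser already applies the same normalization the browser will apply when the bookmark is clicked, so the check and the eventual navigation agree on the scheme.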
Comment 1•20 years ago

Hmmm... apparently this was fixed for 1.0. I'd say this warrants an advisory though.
Now lines which contain unsafe URLs don't display.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 2•20 years ago (Assignee)
Dup of bug 265668 (not reopening to dup).
*** This bug has been marked as a duplicate of 265668 ***
Resolution: FIXED → DUPLICATE
Updated•20 years ago
Group: security
Whiteboard: [sg: dupe 265668]
Updated•20 years ago
Status: RESOLVED → VERIFIED
Comment 4•20 years ago
Duplicate bug, bounty denied
Comment 5•18 years ago
Sorry for bugspam; long-overdue mass reassign of ancient QA contact bugs. Filter on "beltznerLovesGoats" to get rid of this mass change.
QA Contact: mconnor → bookmarks