Closed Bug 268820 Opened 20 years ago Closed 20 years ago

javascript: urls are allowed in 'live bookmarks' rss feeds

Categories

(Firefox :: Bookmarks & History, defect)

x86
Windows XP
defect
Not set
critical

Tracking

VERIFIED DUPLICATE of bug 265668

People

(Reporter: uamjet602, Assigned: vlad)

Details

(Whiteboard: [sg: dupe 265668])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

If you create an rss feed, then enter javascript as one of the links, it will be
executed with elevated rights (not sure if they are chrome rights or the rights
of the page currently being displayed).

Reproducible: Always
Steps to Reproduce:
1. Create an RSS feed
2. Change one of the <link> tags into a javascript: URL
3. Follow the link from the menu

Actual Results:
The javascript was run; I used the code which is in the URL field. My cookie was
displayed.

Expected Results:
Javascript URLs (any unsafe URLs, actually) should be blocked.

Don't try this on a page whose cookies you need to be secure (for instance this
page), they will be revealed and displayed to other users.
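The blocking the reporter expects, written out as an added example (my code, not Firefox's): a feed-item filter that lets only absolute http(s) links through to a bookmark menu, run over a constructed RSS sample whose second item carries a javascript: link. All names and the sample feed are my own.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Only these schemes may become clickable live-bookmark entries.
SAFE_SCHEMES = {"http", "https"}

# Constructed sample feed: one ordinary item, one whose <link> is a
# javascript: URL (the case in the report), and one that hides the scheme
# behind leading whitespace and mixed case.
SAMPLE_FEED = """<rss version="2.0"><channel>
  <title>Example feed</title>
  <link>http://example.com/</link>
  <item><title>Normal post</title><link>http://example.com/post/1</link></item>
  <item><title>Bad post</title><link>javascript:alert(1)</link></item>
  <item><title>Tricky post</title><link> JavaScript:void(0)</link></item>
</channel></rss>"""


def is_safe_link(url):
    """True only for absolute http(s) URLs.

    Leading/trailing whitespace is stripped and the scheme is compared
    case-insensitively, because browsers ignore both when resolving a URL,
    so a denylist keyed on the literal string 'javascript:' would miss them.
    Relative links (no scheme, no host) are rejected too: the feed is
    untrusted, so only fully qualified web links are kept.
    """
    if url is None:
        return False
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in SAFE_SCHEMES and bool(parts.netloc)


def safe_feed_items(xml_text):
    """Return (title, link) pairs for items whose link passes is_safe_link.

    Items with unsafe links are dropped entirely rather than rendered as
    inert menu rows, matching the 'lines which contain unsafe urls don't
    display' behaviour described later in this bug.
    """
    root = ET.fromstring(xml_text)
    kept = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link")
        if is_safe_link(link):
            kept.append((title, link.strip()))
    return kept
```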
Hmmm... apparently this was fixed for 1.0. I'd say this warrants an advisory though.

Now lines which contain unsafe urn's don't display.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Dup of bug 265668 (not reopening to dup).

*** This bug has been marked as a duplicate of 265668 ***
Resolution: FIXED → DUPLICATE
Group: security
Whiteboard: [sg: dupe 265668]
Status: RESOLVED → VERIFIED
Blocks: sbb?
Duplicate bug, bounty denied
Blocks: sbb-
No longer blocks: sbb?
sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs, filter on "beltznerLovesGoats" to get rid of this mass change
QA Contact: mconnor → bookmarks