Closed Bug 29541 Opened 26 years ago Closed 26 years ago

links on Excite quote page give a security error

Categories

(Core :: Security: CAPS, defect, P3)

x86
Linux
defect

VERIFIED FIXED

People

(Reporter: alecf, Assigned: norrisboyd)

Details

(Whiteboard: [PDT+] Hoping for 3/6)

Attachments

(1 file)

Go to http://www.excite.com/ and look up a stock quote.

Now try to click on one of the links on the left of the quoting area, such as "News" or "Insider trading".

You'll get this error on the console:

    JavaScript Error: access disallowed from scripts at http://live.excite.com to documents at another domain
    JavaScript Error: uncaught exception: [Exception... "Access to property denied" code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)" location: "<unknown>"]

The JS link looks like this (at least as it's displayed in the status bar):

    javascript:function go() {location.href='../quotes/?symbol='+escape(document.symbol_entry.symbol.value)+'&whereis=1';} go();
nominate for beta - I'll bet this has to do with using ".." with the DOM, which I'm guessing many other sites use.
Keywords: beta1
Summary: links on excite quote page give a security error → links on Excite quote page give a security error
The problem was that checking the quote loads a page that is then redirected to a site with a different origin. When we go to perform the check, we still are using the origin from before the redirect. So we get errors in some cases like this, and there is an exploitable security hole otherwise. I have a fix and will attach a diff.
Group: netscapeconfidential?
Status: NEW → ASSIGNED
Target Milestone: M14
Attached patch: Proposed patch
The attached patch just allows the WebShell to be notified when a redirect occurs, at which point it updates its local copy of what the current URI is.
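The stale-origin problem described in the comments above (the check uses the pre-redirect origin, and the proposed patch has the shell update its current URI on redirect) can be seen in a toy model. This is an added example, not Mozilla code and not the attached patch; Shell, OnRedirect, CanAccess, Simulate and the .example URLs are hypothetical and constructed for illustration.

```cpp
#include <iostream>
#include <string>

// Simplified origin: scheme://host[:port], with no default-port normalization.
std::string OriginOf(const std::string& uri) {
    auto schemeEnd = uri.find("://");
    if (schemeEnd == std::string::npos) return "";
    auto pathStart = uri.find('/', schemeEnd + 3);
    return uri.substr(0, pathStart);  // npos keeps the whole string
}

// Hypothetical stand-in for the component that remembers the loaded URI.
struct Shell {
    std::string currentURI;  // what the shell believes is loaded
    bool trackRedirects;     // false models the behaviour reported in the bug

    void Load(const std::string& uri) { currentURI = uri; }
    // Called by the network layer when the request is redirected.
    void OnRedirect(const std::string& newURI) {
        if (trackRedirects) currentURI = newURI;
    }
    // Same-origin check against the shell's idea of the current document.
    bool CanAccess(const std::string& scriptURI) const {
        return OriginOf(scriptURI) == OriginOf(currentURI);
    }
};

struct Result {
    bool ownScriptAllowed;        // script in the delivered document itself
    bool oldOriginScriptAllowed;  // script from the pre-redirect origin
};

Result Simulate(bool trackRedirects) {
    Shell shell{"", trackRedirects};
    shell.Load("http://portal.example/quote?symbol=X");        // constructed URL
    shell.OnRedirect("http://live.example/quotes/?symbol=X");  // cross-origin redirect
    return {shell.CanAccess("http://live.example/quotes/?symbol=X"),
            shell.CanAccess("http://portal.example/other.html")};
}

int main() {
    for (bool fixed : {false, true}) {
        Result r = Simulate(fixed);
        std::cout << (fixed ? "redirect tracked: " : "stale origin:     ")
                  << "own script " << (r.ownScriptAllowed ? "allowed" : "DENIED")
                  << ", pre-redirect origin "
                  << (r.oldOriginScriptAllowed ? "ALLOWED" : "denied") << "\n";
    }
}
```

With the stale origin, the document's own script is denied (the console error in the report) and a script from the pre-redirect origin passes the check (the hole); updating the URI on redirect reverses both results.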
Putting on PDT+ radar for beta1.
Whiteboard: [PDT+]
Can you update the status whiteboard with a landing date? We're trying to plot our path to beta... and we need the date info. Thanks, Jim
After talking with Travis, I'm off looking at another way of fixing this problem that will work better with the webshell redesign. ETA is hazy.
Whiteboard: [PDT+] → [PDT+] Hoping for 3/3
Whiteboard: [PDT+] Hoping for 3/3 → [PDT+] Hoping for 3/6
Fix with version 1.29 of nsDocShell.h and version 1.410 of nsWebShell.cpp
Group: netscapeconfidential?
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED