Closed Bug 305473 Opened 19 years ago Closed 19 years ago

[FeedView] RSS icon can load javascript: URLs

Categories

(Firefox Graveyard :: RSS Discovery and Preview, defect)

Product:
Firefox Graveyard
Component:
RSS Discovery and Preview
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: jruderman, Assigned: jruderman)

Details

(Whiteboard: [sg:fix])

Attachments

(1 file)

testcase that combines this and bug 305472
48 bytes, text/html
Details 
The RSS icon can load javascript: URLs.  It should block javascript: and data:
URLs (because it's hard to get the privileges on those right), and it should
call CheckLoadURI to avoid loading chrome:// and file:// URLs when it shouldn't.

  

  



    
    

    
  
Click the RSS icon in the testcase to see your cookie stolen by a script from
http://www.squarefree.com/.  The testcase relies on bug 305472 in addition to
relying on this bug.

  

  


Flags: blocking1.9a1?
Whiteboard: [sg:fix]

    
  
Assignee: nobody → jruderman

    
    

    
  
On the Gecko 1.8 branch, which doesn't have FeedView any more, it is possible to
make a live bookmark for a javascript: URL.  I don't think this is a security
hole on the branch, though.

  

  



    
    

    
  
This is back? 
http://www.mozilla.org/security/announce/mfsa2005-12.html (bug 265668)

Gah!

Doesn't seem to ever run the javascript url, though. Is this what you mean by "I
don't think this is a security hole"?

  

  



    
    

    
  
I don't remember what I meant, but that would make sense.

  

  



    
    

    
  
FeedView is gone on trunk too.

  

  


Summary: RSS icon can load javascript: URLs → RSS icon add javascript: URLs as live bookmarks

    
    

    
  
Invalid because FeedView was removed.  I'll file a new bug for the remaining
issue instead of morphing this bug.

  

  


Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Summary: RSS icon add javascript: URLs as live bookmarks → [FeedView] RSS icon can load javascript: URLs

    
    

    
  
Filed bug 312108 for the remaining issue, "RSS icon can add javascript: URLs as
live bookmarks".

  

  


Group: security
Flags: blocking1.9a1?

    
    

    
  
Resetting QA Contact to default.

  

  


QA Contact: nobody → rss.preview

    
  
Product: Firefox → Firefox Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: