Closed Bug 311962 Opened 19 years ago Closed 19 years ago

eval(code, Components) allows XSS attacks

Categories

(Core :: Security, defect)

defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 311892

People

(Reporter: sync2d, Assigned: mrbkap)

References

Details

(Whiteboard: [sg:high] xss (splitwindows) dupe of 311892?)

Attachments

(1 file)

eval(code, Components) allows XSS attacks since
Components.__parent__ refers to the outer window object.

see also: bug 298315, bug 311024
Attached file testcase
Works on:
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20051008 Firefox/1.6a1
Is this essentially testcase 1 of bug 311892?
Components.__parent__.__proto__ === window.__proto__

One way or another we want this fixed with the splitwindows loopholes.
Assignee: dveditz → mrbkap
Blocks: sbb?
Status: UNCONFIRMED → NEW
Depends on: splitwindows, 311024
Ever confirmed: true
Flags: blocking1.8rc1+
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8+
Whiteboard: [sg:high] xss (splitwindows) dupe of 311892?
No longer depends on: 311024
I'm going to mark this bug a duplicate of bug 311892. The hack-patch that I
tried out earlier with Brendan watching also fixed this testcase. I'll ensure
that the final patch fixes all testcases in both bugs.

*** This bug has been marked as a duplicate of 311892 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Flags: blocking1.8rc1+
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8+
Group: security