If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

eval(code, Components) allows XSS attacks

RESOLVED DUPLICATE of bug 311892

Status

()

Core
Security
--
critical
RESOLVED DUPLICATE of bug 311892
12 years ago
11 years ago

People

(Reporter: shutdown, Assigned: mrbkap)

Tracking

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:high] xss (splitwindows) dupe of 311892?)

Attachments

(1 attachment)

985 bytes, text/html
Details
(Reporter)

Description

12 years ago
eval(code, Components) allows XSS attacks since
Components.__parent__ refers to the outer window object.

see also: bug 298315, bug 311024
(Reporter)

Comment 1

12 years ago
Created attachment 199100 [details]
testcase

Works on:
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20051008 Firefox/1.6a1
Is this essentially testcase 1 of bug 311892? Components.__parent__.__proto__
=== window.__proto__

One way or another we want this fixed with the splitwindows loopholes.
Assignee: dveditz → mrbkap
Blocks: 256195
Status: UNCONFIRMED → NEW
Depends on: 296639, 311024
Ever confirmed: true
Flags: blocking1.8rc1+
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8+
Whiteboard: [sg:high] xss (splitwindows) dupe of 311892?
No longer depends on: 311024
(Assignee)

Comment 3

12 years ago
I'm going to mark this bug a duplicate of bug 311892. The hack-patch that I
tried out earlier with Brendan watching also fixed this testcase. I'll ensure
that the final patch fixes all testcases in both bugs.

*** This bug has been marked as a duplicate of 311892 ***
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE

Updated

12 years ago
Flags: blocking1.8rc1+
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8+
Group: security
You need to log in before you can comment on or make changes to this bug.