Closed Bug 312108 Opened 19 years ago Closed 18 years ago

RSS icon can add javascript: URLs as live bookmarks

Categories

(Firefox Graveyard :: RSS Discovery and Preview, defect)

PowerPC
macOS
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 353734

People

(Reporter: jruderman, Unassigned)

References

Details

(Whiteboard: [sg:want P4])

Split from bug 305473.

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20051010
Firefox/1.6a1

The RSS icon can reference a javascript: URL. Clicking the RSS icon to add it
as a live bookmark adds a live bookmark for a javascript: URL. The javascript:
URL doesn't seem to ever be executed, though, so this isn't a security hole by
itself.

What's the case where this can be exploited?

I don't think this can be exploited. Fixing this would make things safer for
extensions that extend Live Bookmark functionality (for example, a theoretical
extension that shows a Planet-like view of your Live Bookmarks) and aren't
careful with URLs.
Component: Build Config → RSS Discovery and Preview
QA Contact: build.config → nobody
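
The report above describes a discovered feed link with a javascript: URL being stored as a live bookmark unchanged. The following is an added example, not Firefox code and not the fix from bug 353734: one way to check a discovered feed href before storing it, assuming an http/https allowlist. The names `sanitizeFeedHref`, `filterDiscoveredFeeds` and `ALLOWED_FEED_SCHEMES` are hypothetical, and the sample links are constructed.

```javascript
// Added example (not Firefox code): scheme allowlist for discovered feed links.
// All function and constant names here are hypothetical.
const ALLOWED_FEED_SCHEMES = new Set(["http:", "https:"]);

// Resolve a <link rel="alternate"> href against the page URL and return the
// absolute feed URL, or null if it must not be stored as a live bookmark.
function sanitizeFeedHref(href, pageUrl) {
  if (typeof href !== "string") return null;
  let resolved;
  try {
    // The WHATWG URL parser trims leading/trailing spaces and C0 controls,
    // removes embedded tabs/newlines and lowercases the scheme, so the check
    // sees the scheme the way a URL loader would classify it.
    resolved = new URL(href, pageUrl);
  } catch (e) {
    return null; // unparseable: reject rather than store the raw string
  }
  if (!ALLOWED_FEED_SCHEMES.has(resolved.protocol)) return null;
  // Return the normalized form so later consumers never see the raw href.
  return resolved.href;
}

// Split a list of discovered feeds ({title, href}) into accepted and rejected.
function filterDiscoveredFeeds(links, pageUrl) {
  const accepted = [];
  const rejected = [];
  for (const link of links) {
    const url = sanitizeFeedHref(link.href, pageUrl);
    if (url === null) rejected.push(link);
    else accepted.push({ title: link.title, url });
  }
  return { accepted, rejected };
}

// Constructed sample input: feed links as a page might advertise them.
const sampleLinks = [
  { title: "Relative feed", href: "/feed.xml" },
  { title: "Absolute feed", href: "https://example.org/atom" },
  { title: "Script URL", href: "javascript:void(0)" },
  { title: "Mixed case with tab", href: " JaVa\tScRiPt:void(0)" },
  { title: "Data URL", href: "data:text/xml,<rss/>" },
];
const result = filterDiscoveredFeeds(sampleLinks, "https://example.com/blog/");
console.log(result.accepted.map((f) => f.url));
console.log(result.rejected.map((f) => f.title));
```

Storing only the normalized URL means code that later consumes the bookmark list, such as the extensions mentioned above, never receives the raw href.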
Vlad, when nominating a bug for RC, please provide a description about why you
think the bug in question should be a stop ship bug. That helps us evaluate
things quickly as we go through the list.

Minusing this based on Jesse's last comment about this not being exploitable. 
Flags: blocking1.8rc1? → blocking1.8rc1-
Whiteboard: [sg:want P4]
QA Contact: nobody → rss.preview
Depends on: 353734

*** This bug has been marked as a duplicate of 353734 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Verified Duplicate.
Status: RESOLVED → VERIFIED
Product: Firefox → Firefox Graveyard