Closed Bug 32343 Opened 25 years ago Closed 25 years ago

Components object appears to be accessible via javascript: urls entered in url bar

Categories

(Core :: Security, defect, P3)

x86
All
defect

VERIFIED FIXED

People

(Reporter: law, Assigned: norrisboyd)

Details

(Whiteboard: fix in hand)

I entered this in the url bar: javascript:alert(Components) and an alert box opened with content "[xpconnect wrapped nsIXPCComponent]". I think this might be some kind of security exposure. I'm envisioning a web page with this JS for a link and words to the effect: right-click on this link, choose "copy link location", and then paste into your url bar. If that code can access any xpconnect component, bad things might ensue.

In the course of playing with this, I also discovered that sometimes javascript: urls in the url bar were apparently evaluated in context of *other* windows. I saw this sort of message on the console:

JavaScript Error: access disallowed from scripts at mailto:jst@netscape.com?cc=joki@netscape.com to documents at another domain
If you visit this page with another browser and don't see a similar error, it may indicate that the site has not yet been updated to support standards implemented by the Mozilla browser such as the W3C Document Object Model (DOM). Please see http://developer.netscape.com/mozilla/ for more information.

This may be related?
Status: NEW → ASSIGNED
Target Milestone: M15
Whiteboard: fix in hand
Fixed:

Checking in dom/src/jsurl/nsJSProtocolHandler.cpp;
/m/pub/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp,v  <--  nsJSProtocolHandler.cpp
new revision: 1.39; previous revision: 1.38
done
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED