Closed
Bug 336519
Opened 18 years ago
Closed 14 years ago
Show Only This Frame XSS (SeaMonkey)
Categories
(SeaMonkey :: Security, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
seamonkey2.0
People
(Reporter: dveditz, Assigned: neil)
References
Details
(Whiteboard: [sg:moderate])
Attachments
(1 file, 2 obsolete files)
3.07 KB,
patch
|
jag+mozilla
:
review+
neil
:
superreview+
|
Details | Diff | Splinter Review |
SeaMonkey-tracking pointer to bug 329468 -- see discussion and patches in that bug. This is a placeholder to allow me to set appropriate release flags since it is now no longer possible to have both Firefox and SeaMonkey blocking flags on the same bug, even a core bug.
Reporter | ||
Comment 1•18 years ago
|
||
Presumptively marking blocking for sm1.0.2 so this doesn't drop off the radar when I close the other bug.
Flags: blocking1.7.14?
Flags: blocking-seamonkey1.1a+
Flags: blocking-seamonkey1.0.2+
Reporter | ||
Updated•18 years ago
|
Whiteboard: [sg:moderate]
Assignee | ||
Comment 2•17 years ago
|
||
From bug 329468, but with case-insensitive regexp so as to correctly match any URIs which might be javascript or data.
Attachment #257156 -
Flags: superreview?
Attachment #257156 -
Flags: review?(cbiesinger)
Assignee | ||
Comment 3•17 years ago
|
||
Geez, now bugzilla silently removes the requestee if they're not CC'd :-(
Assignee | ||
Comment 4•17 years ago
|
||
Because jag asked for it (although I fail to see why it's necessary).
Attachment #257157 -
Flags: superreview?(jag)
Attachment #257157 -
Flags: review?(cbiesinger)
Assignee | ||
Comment 5•17 years ago
|
||
Comment on attachment 257157 [details] [diff] [review] With fixup >- window.loadURI(this.target.ownerDocument.location.href); >+ openTopWin( this.bgImageURL, this.target.ownerDocument.defaultView ); Whoops. Copy & paste error :-[
Attachment #257157 -
Flags: superreview?(jag)
Attachment #257157 -
Flags: superreview?(cbiesinger)
Attachment #257157 -
Flags: review?(jag)
Attachment #257157 -
Flags: review?(cbiesinger)
Assignee | ||
Comment 6•17 years ago
|
||
Comment on attachment 257156 [details] [diff] [review] Original patch Fixing review flags here too.
Attachment #257156 -
Flags: superreview?(cbiesinger)
Attachment #257156 -
Flags: superreview?
Attachment #257156 -
Flags: review?(jag)
Attachment #257156 -
Flags: review?(cbiesinger)
Updated•17 years ago
|
Attachment #257156 -
Flags: superreview?(cbiesinger) → superreview+
Comment 7•17 years ago
|
||
Comment on attachment 257157 [details] [diff] [review] With fixup whichever version you check in, please fix that copy/paste error :)
Attachment #257157 -
Flags: superreview?(cbiesinger) → superreview+
Comment 8•17 years ago
|
||
Comment on attachment 257157 [details] [diff] [review] With fixup actually... you should probably pass 0 as flags, like docshell: http://lxr.mozilla.org/seamonkey/source/docshell/base/nsDocShell.cpp#2760 Otherwise, a string "foo" would become "http://www.foo.com". while this may make no difference here, it still seems better to do the same as docshell (docshell only passes the alternate URI flag when the load failed)
Assignee | ||
Comment 9•17 years ago
|
||
* Fixed copy/paste error in previous patches * Changed to use FIXUP_FLAG_NONE * Changed to focus the content window
Attachment #257156 -
Attachment is obsolete: true
Attachment #257157 -
Attachment is obsolete: true
Attachment #278232 -
Flags: superreview+
Attachment #278232 -
Flags: review?(jag)
Attachment #257156 -
Flags: review?(jag)
Attachment #257157 -
Flags: review?(jag)
Comment 10•17 years ago
|
||
Comment on attachment 278232 [details] [diff] [review] Addressed biesi's comments + var uriFixup = Components.classes["@mozilla.org/docshell/urifixup;1"] + .getService(nsIURIFixup); Nit: indentation, just fix that before checking in.
Attachment #278232 -
Flags: review?(jag) → review+
Assignee | ||
Updated•17 years ago
|
Attachment #278232 -
Flags: approval-seamonkey1.1.5?
Comment 11•15 years ago
|
||
Neil, has this landed anywhere yet?
Assignee | ||
Comment 12•15 years ago
|
||
(In reply to comment #11) > Neil, has this landed anywhere yet? It landed on CVS trunk.
Comment 13•14 years ago
|
||
Neil, from what I see, with that EOLing of SeaMonkey 1.x, can we mark this one FIXED as having landed on cvs trunk should mean it's also fixed in both comm-1.9.1 and comm-central, right?
Comment 14•14 years ago
|
||
Comment on attachment 278232 [details] [diff] [review] Addressed biesi's comments 1.x has been EOLed, so canceling 1.1.5 approval request. Looks like I didn't see that one back then. :(
Attachment #278232 -
Flags: approval-seamonkey1.1.5?
Assignee | ||
Comment 15•14 years ago
|
||
Marking as fixed for 2.0 (well 1.5 really!)
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.0
Updated•9 years ago
|
Group: core-security → core-security-release
Reporter | ||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•