Closed Bug 370501 Opened 18 years ago Closed 18 years ago

XPInstall whitelist bypass using location.hostname vulnerability

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
1.8 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dveditz, Assigned: dveditz)

References

Details

(Keywords: fixed1.8.0.10, fixed1.8.1.2, Whiteboard: [sg:nse])

Attachments

(1 file)

bypass xpinstall whitelist
439 bytes, text/html
Details
Another way the vulnerability in bug 370445 can be abused is to bypass the XPInstall whitelist. This bug is simply a holding place for testcases I want to verify as fixed without posting them to a public bug. I bet you could mess with global storage from another domain as well.
Flags: blocking1.8.1.2+
Flags: blocking1.8.0.10+
I couldn't read from another site's area, but I think I broke global storage for them by trying. I haven't debugged it yet, but trying to write into the area for google.com leaves the google site with what appears to be only session storage. Global storage areas for other sites continue to work.
This is fixed by the patch in bug 370445
Keywords: fixed1.8.0.10, fixed1.8.1.2
Whiteboard: [sg:nse]
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Group: security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: