Closed
Bug 423375
Opened 17 years ago
Closed 17 years ago
Content script can load restricted URIs
Categories
(Core :: Security, defect, P1)
VERIFIED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: timeless)
Attachments
(1 file)
390 bytes, text/html
Content script can load restricted URIs (chrome:, resource:, etc.). Is this a regression from bug 246699?
Regression range:
http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&date=explicit&mindate=2008-03-11+09&maxdate=2008-03-12+05
Comment 1•17 years ago (Reporter)
Comment 4•17 years ago
I've verified that this is trunk only and doesn't repro in branch. (It's good to be sure...)
Flags: blocking1.8.1.13?
Updated•17 years ago
Assignee: dveditz → timeless
Flags: blocking1.9?
Priority: -- → P1
Comment 5•17 years ago
Should we back out the patch for bug 246699?
Comment 6•17 years ago
Yes, please back that patch out immediately. I don't have a tree right now, but if nobody else gets it before I get to the office I'll do it.
Flags: blocking1.9? → blocking1.9+
Comment 7•17 years ago
(In reply to comment #6)
> Yes, please back that patch out immediately.
done
Comment 8•17 years ago
Please make sure to get those testcases into our automated tests so that no one can ever break this again!
I would suggest removing the security flag, since this is now fixed and was never a problem on branches.
Flags: in-testsuite?
Comment 9•17 years ago (Reporter)
Just for the record, testcase 2 should be marked as private (it reveals bug
422025's XSS trick).
Comment 10•17 years ago
(In reply to comment #7)
> (In reply to comment #6)
> > Yes, please back that patch out immediately.
>
> done
So this is now fixed, right?
Comment 11•17 years ago
Yep, and I'm adding the first test case as a mochitest after lunch, to precede any other attempts to touch that code.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 12•17 years ago
The mochitest is over in bug 246699, btw.
Comment 13•17 years ago
Verified fixed using the testcases and Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9pre) Gecko/2008042705 Minefield/3.0pre ID:2008042705.
When I also use the 2nd testcase I get "Error: Access to 'chrome://browser/content/browser.xul' from script denied
Source File: https://bugzilla.mozilla.org/attachment.cgi?id=309874
Line: 20" in the Error Console, and I think this is also expected.
-> Verified fixed
Status: RESOLVED → VERIFIED
Updated•13 years ago
Group: core-security