Closed
Bug 423375
Opened 16 years ago
Closed 16 years ago
Content script can load restricted URIs
Categories
(Core :: Security, defect, P1)
VERIFIED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: timeless)
Attachments
(1 file)
390 bytes,
text/html
Content script can load restricted URIs (chrome:, resource:, etc.). Is this a regression from bug 246699?

regression range: http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&date=explicit&mindate=2008-03-11+09&maxdate=2008-03-12+05
Reporter
Comment 1•16 years ago
Comment 4•16 years ago
I've verified that this is trunk only and doesn't repro in branch. (It's good to be sure...)
Flags: blocking1.8.1.13?
Updated•16 years ago
Assignee: dveditz → timeless
Flags: blocking1.9?
Priority: -- → P1
Comment 5•16 years ago
Should we back out the patch for bug 246699?
Yes, please back that patch out immediately. I don't have a tree right now, but if nobody else gets it before I get to the office I'll do it.
Flags: blocking1.9? → blocking1.9+
Comment 7•16 years ago
(In reply to comment #6)
> Yes, please back that patch out immediately.

done
Comment 8•16 years ago
Please make sure to get those testcases into our automated tests so that no one can ever break this again! I would suggest removing the security flag, since this is now fixed and was never a problem on branches.
Flags: in-testsuite?
Reporter
Comment 9•16 years ago
Just for the record, testcase 2 should be marked as private (it reveals bug 422025's XSS trick).
Comment 10•16 years ago
(In reply to comment #7)
> (In reply to comment #6)
> > Yes, please back that patch out immediately.
>
> done

So this is now fixed, right?
Yep, and I'm adding the first test case as a mochitest after lunch, to precede any other attempts to touch that code.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
The mochitest is over in bug 246699, btw.
Comment 13•16 years ago
Verified fixed using the testcases and Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9pre) Gecko/2008042705 Minefield/3.0pre ID:2008042705.

When I also use the 2nd testcase, I get "Error: Access to 'chrome://browser/content/browser.xul' from script denied Source File: https://bugzilla.mozilla.org/attachment.cgi?id=309874 Line: 20" in the Error Console, and I think this is also expected -> Verified fixed
Status: RESOLVED → VERIFIED
Updated•12 years ago
Group: core-security