ChatZilla activates chrome and javascript URLs in channels

RESOLVED INCOMPLETE

Status

RESOLVED INCOMPLETE
11 years ago
11 years ago

People

(Reporter: bc, Assigned: rginda)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:low])

(Reporter)

Description

11 years ago
steps to reproduce:

1. paste javascript:alert%281%29 into a channel
2. click on the linkified link

actual results: 

alert(1) is executed by firefox.

expected results: 

?

1. paste chrome://browser/content into a channel
2. click on the linkified link

actual results:

browser chrome is loaded into firefox tab

expected results: ?
(Reporter)

Updated

11 years ago
Whiteboard: [sg:low]

Comment 1

11 years ago
I'm really not sure this is a problem, but perhaps that makes me naive. I'd be willing to unlink the javascript bits, but I'm not sure if we should block chrome URLs. Anyway, relevant code is here:

http://mxr.mozilla.org/seamonkey/source/extensions/irc/xul/content/mungers.js#166

We can probably hardcode chrome: and javascript: to not work if necessary. Anyone feel like doing a patch?

Comment 2

11 years ago
I forgot, nobody can see this bug. Let's fix that...

Comment 3

11 years ago
It would be nice if people could file bugs that actually indicate what the damn problem is supposed to be.

The URLs are thrown over to Firefox using standard methods (openTopWin and openNewWindowWith), which ought not be insecure themselves. If the browser wants to block javascript/chrome URLs, those functions or something they call is what you want to 'fix'.
Hardware: PC → All
Summary: Chatzilla activates chrome and javascript urls in channels → ChatZilla activates chrome and javascript URLs in channels
(Reporter)

Comment 4

11 years ago
Sorry for not living up to your expectations. I won't make the mistake of filing a bug on chatzilla again. You are such a fine example and inspiration for all of us. Please keep of the good work of alienating everyone you work with.

Updated

11 years ago
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID

Comment 5

11 years ago
Is it really too much to ask that people filing security-sensitive bugs actually say what the security problem is? Surely not...
Resolution: INVALID → INCOMPLETE
(Reporter)

Updated

11 years ago
Group: security
You need to log in before you can comment on or make changes to this bug.