Bug 465892 - Make wholeText noAccess for mailnews
Status: RESOLVED FIXED (Closed)
Opened 16 years ago, closed 16 years ago
Categories: MailNews Core :: Security, defect
Tracking: Not tracked
Target Milestone: Thunderbird 3.0b2
People: Reporter: philor, Assigned: philor
Keywords: fixed1.9.1
Attachments (2 files):
1.29 KB, patch (bzbarsky: review+, bzbarsky: superreview+)
1.19 KB, text/plain
Followup to bug 458883 - one of the things Acid3 has given us is another way for ye olde wiretap exploit to get at the text you add when you forward a message (with JS enabled). If we somehow wind up with JS re-enableable and with CAPS working, we'll want to break wholeText.
Attachment #349135 - Flags: superreview?(bzbarsky)
Attachment #349135 - Flags: review?(bzbarsky)
Comment 1 • 16 years ago
Comment on attachment 349135
Fix v.1

Whack! Mole at 11! ;)
Attachment #349135 - Flags: superreview?(bzbarsky)
Attachment #349135 - Flags: superreview+
Attachment #349135 - Flags: review?(bzbarsky)
Attachment #349135 - Flags: review+
Comment 2 • 16 years ago (Assignee)
http://hg.mozilla.org/mozilla-central/rev/08917af7313d
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 3 • 16 years ago (Assignee)
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/f02b476e25ee
Keywords: fixed1.9.1
Target Milestone: --- → Thunderbird 3.0b2
Is there a manual test case that can be performed so this bug can be marked verified?
Comment 5 • 15 years ago (Assignee)
Step one: comment out the call to shell->SetAllowJavascript in nsMsgContentPolicy::DisableJSOnMailNewsUrlDocshells and recompile. Do you want step two?
(In reply to comment #5)
> Step one: comment out the call to shell->SetAllowJavascript in
> nsMsgContentPolicy::DisableJSOnMailNewsUrlDocshells and recompile.
>
> Do you want step two?

Please give me all steps.
Comment 7 • 15 years ago (Assignee)
Hard to say how good they'll be, since I'm away from a compiler to check, but in theory, keeping in mind that you've now made a dangerous program, start whichever of Thunderbird or SeaMonkey you built *with a new profile*, and create a News & Blogs account, which will create Local Folders for you without the risk of an email account. Close the program, save a copy of this attachment in Mail/Local Folders/ in your profile, edit (appdir)/greprefs/all.js, comment out the line this bug added, open the program, view the mail in the "wholeText" folder (with View - Message Body As - Original HTML), and if it successfully alerts the contents of the message body, you know the test is working, and you can close the program, reedit all.js to uncomment that line, reopen, review the email, and it should not alert the contents of the message body.
(In reply to comment #5)
> Step one: comment out the call to shell->SetAllowJavascript in
> nsMsgContentPolicy::DisableJSOnMailNewsUrlDocshells and recompile.
>

I'm not sure what file this refers to.
Comment 9 • 15 years ago (Assignee)
http://mxr.mozilla.org/comm-central/source/mailnews/base/src/nsMsgContentPolicy.cpp#729