Closed
Bug 467507
Opened 17 years ago
Closed 11 years ago
Same-origin check always fails in FF2 with document.domain and non-port-80
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: dgreenspan, Unassigned)
Details
Attachments
(1 file)
|
292 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1
Build Identifier:
When a document's URI has a port number and document.domain is set, an "Access to restricted URI denied" error can be triggered in a simple document with no external dependencies, for example by trying to access a stylesheet. This behavior shows up in FF2 but not FF3.
Reproducible: Always
Steps to Reproduce:
Load the attached document at some URI that includes a port number.
Actual Results:
There is no alert. With Firebug installed, an "Access to restricted URI denied" error is visible.
Expected Results:
An alert saying "No problem."
|
Reporter | |
Comment 1•17 years ago
|
||
|
|
Reporter | |
Comment 2•17 years ago
|
||
As a little more background, I ran into this bug while developing a web app. I had an old copy of the Firefox source lying around, and was inspired to figure out the problem and shrink the test case by this suspicious-looking code in nsScriptSecurityManager.cpp, in case it's any help -- I believe this is where it determines the running code's URI for security purposes:
// Get the original URI from the source principal.
// This has the effect of ignoring any change to document.domain
// which must be done to avoid DNS spoofing (bug 154930)
nsCOMPtr<nsIURI> sourceURI;
sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
if (!sourceURI) {
sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
}
|
|
Reporter | |
Updated•17 years ago
|
Version: unspecified → 2.0 Branch
|
|
||
Updated•17 years ago
|
Product: Firefox → Core
QA Contact: firefox → toolkit
Version: 2.0 Branch → 1.8 Branch
|
||
Comment 3•17 years ago
|
||
With Firefox 2 no longer supported this is almost certainly a WONTFIX, especially since any change to the ScriptSecurityManager runs a risk of introducing security problems. There are still supported products built off the 1.8 branch (like Thunderbird 2 and Seamonkey 1.1) and this change would require a lot of testing and verification.
|
||
Updated•11 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•