User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:184.108.40.206) Gecko/2009060214 Firefox/3.0.11 Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:220.127.116.11pre) Gecko/20090708 Shiretoko/3.5.1pre The document.getSelection() method can be used to read cross-origin content selections. By storing a reference to the contentDocument of an iframe, any selections made within that iframe can be read regardless of origin. This method appears to be deprecated. Reproducible: Always
Select destination for iframe and select 'go'. Make a text selection and the content should be displayed in an alert box.
The test shows the reported behaviour. I suspect this should live in Content-land, particularly since jst wrote the deprecation message. :)
Status: UNCONFIRMED → NEW
Component: General → DOM: Core & HTML
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → general
Assignee: nobody → Olli.Pettay
Marking this a blocker since this allows cross site data leakage.
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Comment on attachment 394093 [details] [diff] [review] simple patch AFAIK, security bugs need separate r and sr nowadays.
Attachment #394093 - Flags: review?(jonas) → review+
Don't want to add such before this is fixed everywhere.
Status: ASSIGNED → RESOLVED
blocking1.9.1: --- → ?
Closed: 10 years ago
Resolution: --- → FIXED
blocking1.9.1: ? → .4+
Flags: blocking18.104.22.168? → blocking22.214.171.124+
Comment on attachment 394093 [details] [diff] [review] simple patch Approved for 126.96.36.199 and 188.8.131.52, a=dveditz for release-drivers
Checking in content/html/document/src/nsHTMLDocument.cpp; /cvsroot/mozilla/content/html/document/src/nsHTMLDocument.cpp,v <-- nsHTMLDocument.cpp new revision: 3.792; previous revision: 3.791 http://hg.mozilla.org/releases/mozilla-1.9.1/rev/bffd0a33d902
Verified attached testcase reproduces bug in 184.108.40.206 and is fixed in the 220.127.116.11pre build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:18.104.22.168pre) Gecko/20090914 Shiretoko/3.5.4pre).
Verified for 22.214.171.124 as well with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199pre) Gecko/2009091606 GranParadiso/3.0.15pre (.NET CLR 3.5.30729).
(In reply to comment #9) > Don't want to add such before this is fixed everywhere. I can has test plz?
You need to log in before you can comment on or make changes to this bug.