Closed Bug 585284 (CVE-2010-2763) Opened 14 years ago Closed 14 years ago
XSS using SJOW's scripted function
1.9.1 branch has a similar problem to bug 584180. On 1.9.1, SJOW creates a scripted function that can be abused. If a scripted function's parent is an outer window, an array that is created in that function comes from a current inner window.
This tries to get cookies for www.apple.com. This works on 1.9.1.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #464682 - Flags: review?(jst)
Comment on attachment 464682 [details] [diff] [review] Patch I don't actually know what release this should go in.
Attachment #464682 - Flags: approval220.127.116.11?
Comment on attachment 464682 [details] [diff] [review] Patch a=LegNeato for 18.104.22.168
Attachment #464682 - Flags: approval22.214.171.124? → approval126.96.36.199+
You need to log in before you can comment on or make changes to this bug.