Closed Bug 585284 (CVE-2010-2763) Opened 12 years ago Closed 12 years ago
XSS using SJOW's scripted function
1.9.1 branch has a similar problem to bug 584180. On 1.9.1, SJOW creates a scripted function that can be abused. If a scripted function's parent is an outer window, an array that is created in that function comes from a current inner window.
This tries to get cookies for www.apple.com. This works on 1.9.1.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #464682 - Flags: review?(jst)
Comment on attachment 464682 [details] [diff] [review] Patch I don't actually know what release this should go in.
Attachment #464682 - Flags: approval184.108.40.206?
Comment on attachment 464682 [details] [diff] [review] Patch a=LegNeato for 220.127.116.11
Attachment #464682 - Flags: approval18.104.22.168? → approval22.214.171.124+
You need to log in before you can comment on or make changes to this bug.