Closed Bug 585284 (CVE-2010-2763) Opened 11 years ago Closed 11 years ago
XSS using SJOW's scripted function
1.9.1 branch has a similar problem to bug 584180. On 1.9.1, SJOW creates a scripted function that can be abused. If a scripted function's parent is an outer window, an array that is created in that function comes from a current inner window.
This tries to get cookies for www.apple.com. This works on 1.9.1.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #464682 - Flags: review?(jst)
Comment on attachment 464682 [details] [diff] [review] Patch I don't actually know what release this should go in.
Attachment #464682 - Flags: approval126.96.36.199?
Comment on attachment 464682 [details] [diff] [review] Patch a=LegNeato for 188.8.131.52
Attachment #464682 - Flags: approval184.108.40.206? → approval220.127.116.11+
You need to log in before you can comment on or make changes to this bug.