Closed
Bug 585284
(CVE-2010-2763)
Opened 14 years ago
Closed 14 years ago
XSS using SJOW's scripted function
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status2.0 | --- | unaffected |
| status1.9.2 | --- | unaffected |
| blocking1.9.1 | --- | .12+ |
| status1.9.1 | --- | .12-fixed |
People
(Reporter: moz_bug_r_a4, Assigned: mrbkap)
Details
(Whiteboard: [sg:high])
Attachments
(1 file)
|
2.24 KB,
patch
|
jst
:
review+
christian
:
approval1.9.1.12+
|
Details | Diff | Splinter Review |
1.9.1 branch has a similar problem to bug 584180. On 1.9.1, SJOW creates a scripted function that can be abused. If a scripted function's parent is an outer window, an array that is created in that function comes from a current inner window.
|
Reporter | |
Comment 1•14 years ago
|
||
This tries to get cookies for www.apple.com. This works on 1.9.1.
|
||
Updated•14 years ago
|
Whiteboard: [sg:high]
|
Assignee | |
Comment 2•14 years ago
|
||
|
||
Updated•14 years ago
|
Attachment #464682 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 3•14 years ago
|
||
Comment on attachment 464682 [details] [diff] [review] Patch I don't actually know what release this should go in.
Attachment #464682 -
Flags: approval1.9.1.12?
|
||
Updated•14 years ago
|
blocking1.9.1: --- → ?
status1.9.1:
--- → wanted
status1.9.2:
--- → unaffected
status2.0:
--- → unaffected
Comment on attachment 464682 [details] [diff] [review] Patch a=LegNeato for 1.9.1.12
Attachment #464682 -
Flags: approval1.9.1.12? → approval1.9.1.12+
|
|
Assignee | |
Comment 5•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/28e2ed70bd32
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Updated•14 years ago
|
Alias: CVE-2010-2763
|
|
||
Updated•14 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•