Closed Bug 59523 Opened 24 years ago Closed 23 years ago

JS menu doesn't work

Categories

(Core :: Security, defect, P3)

x86
All
defect

Tracking

()

VERIFIED DUPLICATE of bug 45099
mozilla1.0

People

(Reporter: Matti, Assigned: security-bugs)

Attachments

(1 file)

Win2k build 2000110804 Trunk. I have a fresh profile (4.xx converted) and deleted my old profile and both reg files. Open the URL. Click on "Forum". After it has finished loading, try to use the menu and click on "Statistiken". It doesn't work and I get the following console error:
JavaScript error: line 0: uncaught exception: [Exception... "Access to property denied" code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)" location: "<unknown>"]
It's broken in last week's builds and worked fine for 2 weeks.
Confirmed on WinNT and Linux with 20001105xx trunk builds. Just as the reporter says, after you click on "Das Forum", the "Statistiken" menu item no longer functions, with the Security error given above. The web page has two frames. One frame contains the menu; the second frame's content is driven by this menu. NOTE: MN6-branch builds from the same date work fine; they do not give any error! So there is a discrepancy between the trunk and branch here. Reassigning to Security: General for further analysis.
Assignee: rogerl → mstoltz
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Security: General
Ever confirmed: true
OS: Windows 2000 → All
QA Contact: pschwartau → junruh
A key function from the above JavaScript file:

    // Open or close a submenu
    function submenue(nr) {
      // Close all submenus (except nr)
      function close_submenues(nr) {
        var i
        for(i = 0; i < eintraege.length; i++)
          if((i != nr) && eintraege[i].node)
            eintraege[i].open = false
      }
      // Open submenu nr exclusively
      function open_submenues(nr) {
        function open_super_level(nr, lvl) {
          if((nr == 1) || (lvl < 1))
            return
          var i
          for(i = nr - 1; i >= 0; i--) {
            if((eintraege[i].level == lvl) && eintraege[i].node) {
              eintraege[i].open = true
              open_super_level(i, lvl - 1)
              return
            }
          }
          return
        }
        open_super_level(nr, eintraege[nr].level - 1)
      }
      eintraege[nr].open = !eintraege[nr].open
      // Load the entry's URL into its target frame (a cross-frame property write)
      if((eintraege[nr].target != null) && (eintraege[nr].url != null))
        frames[eintraege[nr].target].location.href = eintraege[nr].url
      if(eintraege[nr].open && exclusive) {
        close_submenues(nr)
        open_submenues(nr)
      }
      write_me
    }
This works with the trunk build from 10/23/00. I'm sure this must have been broken in the last 7 days.
I'm sure this is the same problem. Load the same URL. Click on "Statistiken" and then on "Aufholjagd". After the second frame has finished loading, click on "Mitglieder". The menu in the left frame is displayed very wrong.
Mass changing QA to ckritzer.
QA Contact: junruh → ckritzer
I get the same error on the console at this URL: http://www.schalungsverleih.de/ Click on "Mietpark" (left frame) and then on "Baustelleneinrichtung".
JavaScript error: line 0: uncaught exception: [Exception... "Access to property denied" code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)" location: "http://baubedarfverleih.de/verweise_mietpark.html Line: 27"]
Mitchell Stoltz: Should I open a new bug or is that the same bug?
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.1
Mass changing milestones to Moz0.9.1. Many of these bugs are dependent on the XPConnected DOM and its associated security UI changes.
This appears to work now.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Mitchell: the page changed (the "Forum" link is now on the same domain). Try this: click on "Statistiken", click on "Mitglieder", click on "Berkeley Stat". While the right frame is loading, click on "Knowledgebase":
JavaScript error: line 0: uncaught exception: Permission denied to access property.
Or try the other URL from my post at "2001-01-28 12:29".
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I know what's going on here, but I can't figure out how to fix it without opening a big security hole. I can open up cross-host access to the "parent" and "frames" objects, but I can't figure out how to open up access to frames[0] without allowing access to all global script-defined variables, which I don't want to do. Here's a temporary workaround for you: add these lines to your prefs.js file in your user profile directory:

    user_pref("capability.policy.default.Window.scriptglobals","allAccess");
    user_pref("capability.policy.default.Window.parent","allAccess");
    user_pref("capability.policy.default.Window.frames","allAccess");

Or, if you're more concerned about security, use these lines instead:

    user_pref("capability.policy.mygroup.sites","http://www.setigermany.de");
    user_pref("capability.policy.mygroup.Window.scriptglobals","allAccess");
    user_pref("capability.policy.mygroup.Window.parent","allAccess");
    user_pref("capability.policy.mygroup.Window.frames","allAccess");

The value of the 'sites' line can contain a list of URLs separated by spaces to which you want this policy to apply; all other sites will not be affected.
Target Milestone: mozilla0.9.1 → mozilla1.0
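Added example (not part of the bug's comments and not Mozilla code): a Node.js check that lists every "allAccess" grant in a prefs.js file and reports whether it sits on the "default" policy or on a named policy limited to its "sites" list, the distinction the workaround above draws. The function names and scope labels are assumptions made for this example; the pref names are the ones quoted in the comment.

```javascript
// Added example: audit prefs.js text for capability.policy "allAccess" grants.
// SAMPLE_PREFS is constructed from pref lines quoted in this bug (last line is filler).
const SAMPLE_PREFS = `
user_pref("capability.policy.default.Window.frames","allAccess");
user_pref("capability.policy.mygroup.sites","http://www.setigermany.de");
user_pref("capability.policy.mygroup.Window.scriptglobals","allAccess");
user_pref("capability.policy.mygroup.Window.parent","allAccess");
user_pref("browser.startup.homepage","about:blank");
`;

// Parse user_pref("name","value"); lines into [name, value] pairs (string values only).
function parsePrefs(text) {
  const re = /user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;/g;
  const out = [];
  let m;
  while ((m = re.exec(text)) !== null) out.push([m[1], m[2]]);
  return out;
}

// Return one finding per allAccess grant, with the sites it is scoped to.
function auditCapabilityPolicies(text) {
  const prefix = "capability.policy.";
  const sites = {};   // policy name -> list of site URLs
  const grants = [];  // { policy, target } for each allAccess value
  for (const [name, value] of parsePrefs(text)) {
    if (!name.startsWith(prefix)) continue;
    const parts = name.slice(prefix.length).split(".");
    const policy = parts[0], rest = parts.slice(1).join(".");
    if (rest === "sites") sites[policy] = value.split(/\s+/).filter(Boolean);
    else if (value === "allAccess") grants.push({ policy, target: rest });
  }
  return grants.map(({ policy, target }) => {
    // The "default" policy is not tied to a sites list; named policies are.
    const scope = policy === "default" ? ["*"] : (sites[policy] || []);
    const label = policy === "default" ? "all-sites"
                : scope.length === 0 ? "no-sites-listed" : "listed-sites";
    return { policy, target, scope, label };
  });
}

console.log(JSON.stringify(auditCapabilityPolicies(SAMPLE_PREFS), null, 2));
```

Grants labelled "all-sites" are the ones to review first, since they relax the cross-frame check for every page the profile visits.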
Mitchell: Thanks! But how do NS4.7x or IE handle this without a security hole?
It isn't really a security hole. It would probably be safe for us to allow anyone to access the frames array, it's just that I couldn't figure out how to do this without opening up all script-defined global vars, which would be a security hole. I'll fix this permanently as soon as I have time. Since there's a workaround, this isn't as high a priority.
Is this a duplicate of bug 52920?
*** This bug has been marked as a duplicate of 45099 ***
Status: REOPENED → RESOLVED
Closed: 24 years ago → 23 years ago
Resolution: --- → DUPLICATE
Marking VERIFIED DUPLICATE.
Status: RESOLVED → VERIFIED