Closed Bug 686484 Opened 14 years ago Closed 14 years ago

middlemouse.contentLoadURL allows bypass of malicious javascript: URL fix (bug 656433)

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Version:
6 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 674161

People

(Reporter: bsterne, Unassigned)

Details

(Whiteboard: [sg:dupe 674161])

Billy Rios from Google reported this issue on behalf of a security researcher named Taras. In bug 656433, we addressed the malicious bookmarklet attack by disinheriting the page principal when loading a javascript: URL. Middle-mouse pasting, enabled by default on Linux, bypasses this protection if a user has a javascript: URL on their clipboard.
What solution will be made and in what version of FF? By the way: it also affects addons which loads external content like RSS readers. In such case evil code will be executed in chrome:// zone.
Group: core-security
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:low] → [sg:dupe 674161]
You need to log in before you can comment on or make changes to this bug.