middlemouse.contentLoadURL allows bypass of malicious javascript: URL fix (bug 656433)

RESOLVED DUPLICATE of bug 674161

Status

()

defect
RESOLVED DUPLICATE of bug 674161
8 years ago
8 years ago

People

(Reporter: bsterne, Unassigned)

Tracking

6 Branch
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 674161])

Reporter

Description

8 years ago
Billy Rios from Google reported this issue on behalf of a security researcher named Taras.

In bug 656433, we addressed the malicious bookmarklet attack by disinheriting the page principal when loading a javascript: URL.  Middle-mouse pasting, enabled by default on Linux, bypasses this protection if a user has a javascript: URL on their clipboard.

Comment 1

8 years ago
What solution will be made and in what version of FF?
By the way: it  also affects addons which loads external content like RSS readers.
In such case evil code will be executed in chrome:// zone.
Group: core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 674161
Whiteboard: [sg:low] → [sg:dupe 674161]
You need to log in before you can comment on or make changes to this bug.