Closed Bug 947693 Opened 12 years ago Closed 12 years ago

HttpHeader document.write in privileged document

Categories

(addons.mozilla.org :: Security, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nmaier, Unassigned)

Details

Which has a couple of prelims. public, uses document.write with raw HTML headers in a privileged document (popup.html), and is therefore vulnerable to remote code injection, e.g.

document.write("<tr><td>Status Text</td><td>"+statusTextValue+"</td></tr>");

The server may send raw HTML containing script in the status line or any other header, which then may get executed with chrome privileges when opening the add-on popup.

The latest version, which I just rejected, used innerHTML instead, which, of course, has the same issue.

Please disable any public versions.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
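
A common mitigation for the pattern reported above, as an added example that is not part of the original bug or the add-on's code: build the table row from DOM nodes and assign the header value through `textContent`, so it is never parsed as markup. The names `appendHeaderRow`, `escapeHtml`, `rowEscaped`, `stubDocument` and the sample status text are assumptions made for illustration.

```javascript
// Added example: treat server-controlled header values as text, never as markup.
// All function names here are hypothetical; only rowUnsafe mirrors the reported line.

// Preferred: create nodes and set textContent, so no HTML parser ever sees the value.
function appendHeaderRow(doc, table, label, value) {
  const tr = doc.createElement("tr");
  for (const text of [label, value]) {
    const td = doc.createElement("td");
    td.textContent = String(text);
    tr.appendChild(td);
  }
  table.appendChild(tr);
  return tr;
}

// Fallback when a markup string is unavoidable: escape the five significant characters.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The reported pattern, kept for comparison: the raw value reaches the parser.
function rowUnsafe(statusTextValue) {
  return "<tr><td>Status Text</td><td>" + statusTextValue + "</td></tr>";
}
function rowEscaped(statusTextValue) {
  return "<tr><td>Status Text</td><td>" + escapeHtml(statusTextValue) + "</td></tr>";
}

// Constructed sample: a status text that carries markup instead of plain text.
const SAMPLE_STATUS = "OK <script>marker()</script>";

// Constructed stand-in for a DOM document so demo() also runs outside a browser.
function stubDocument() {
  const appendChild = function (child) { this.children.push(child); return child; };
  return { createElement: (tag) => ({ tag, textContent: "", children: [], appendChild }) };
}

function demo() {
  const doc = stubDocument();
  const tr = appendHeaderRow(doc, doc.createElement("table"), "Status Text", SAMPLE_STATUS);
  return {
    unsafeHasTag: rowUnsafe(SAMPLE_STATUS).includes("<script>"),   // markup survives
    escapedHasTag: rowEscaped(SAMPLE_STATUS).includes("<script>"), // markup neutralised
    cellText: tr.children[1].textContent,                          // stored as plain text
  };
}
```

In a real popup, pass the page's own `document` and the target table element to `appendHeaderRow`; the same rule applies to `innerHTML`, which parses its input just as `document.write` does.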