Closed
Bug 13017
Opened 25 years ago
Closed 25 years ago
Vulnerability in XPConnect: GetLastPageVisted()
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
There is a security vulnerability in build 1999082116 (guess others) which
allows reading the last page in history using XPConnect.
This may be dangerous, especially if embeded in an email message.
Currently GetLastPageVisted() is broken - bug
http://bugzilla.mozilla.org/show_bug.cgi?id=12872
The code is:
var
o=Components.classes['component://netscape/browser/global-history'].getService()
;
o=o.QueryInterface(Components.interfaces.nsIGlobalHistory);
dump("------------\n");
dump(o.GetLastPageVisted());
dump("\n------------\n");
Assignee | ||
Comment 1•25 years ago
|
||
Once access to the Components array is restricted this bug will be fixed.
Assignee | ||
Updated•25 years ago
|
Target Milestone: M14
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•