Closed Bug 13017 Opened 25 years ago Closed 25 years ago

Vulnerability in XPConnect: GetLastPageVisted()

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

()

Details

There is a security vulnerability in build 1999082116 (guess others) which allows reading the last page in history using XPConnect. This may be dangerous, especially if embeded in an email message. Currently GetLastPageVisted() is broken - bug http://bugzilla.mozilla.org/show_bug.cgi?id=12872 The code is: var o=Components.classes['component://netscape/browser/global-history'].getService() ; o=o.QueryInterface(Components.interfaces.nsIGlobalHistory); dump("------------\n"); dump(o.GetLastPageVisted()); dump("\n------------\n");
Status: NEW → ASSIGNED
Depends on: 7261
Once access to the Components array is restricted this bug will be fixed.
Target Milestone: M14
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
No longer depends on: 7261
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.