Closed Bug 13291 Opened 26 years ago Closed 25 years ago

Review about: implementation

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: jat)

References

Details

Make sure we aren't vulnerable to the large number of historic attacks against
about:.
Blocks: 7252
Status: NEW → ASSIGNED
Target Milestone: M14
Target Milestone: M14 → M15
Summary: Review about: implementation → [Feature] Review about: implementation
Push security review tasks off until M16.
Target Milestone: M15 → M16
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
Summary: [Feature] Review about: implementation → Review about: implementation
Target Milestone: M16 → M18
Changing Qa contact to myself.
QA Contact: dshea → junruh
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Security reviews and denial-of-service attacks. These will be addressed in the 
post-beta2 timeframe (unless someone's interested in tackling them earlier?)
Status: NEW → ASSIGNED
Assigning QA to czhang
QA Contact: junruh → czhang
Reassigning to jtaylor, who will be doing security reviews.
Assignee: mstoltz → jtaylor
Status: ASSIGNED → NEW
Status: NEW → ASSIGNED
about: protocols seem safe. about:mozilla, about:bloat, about:blank and 
about:credits seem to be the only implemented about: URLs. Does anyone know of a 
place besides nsAboutProtocolIModule.cpp where about: URLs are defined? 
Otherwise, this seems safe, so I am marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.