Closed Bug 300003 Opened 19 years ago Closed 19 years ago

XUL error pages should not have chrome privileges

Tracking

()

Status:

RESOLVED DUPLICATE of bug 292624

People

(Reporter: sync2d, Assigned: dveditz)

Details

(Whiteboard: [sg:dupe 292624])

shutdown

Reporter

Description

•

19 years ago

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8b2) Gecko/20050707 Firefox/1.0+

XUL error pages should not have chrome privileges because any untrusted
content can and should be able to load the error pages. The error pages
are used by the default in recent Firefox trunk (bug 216466). So exploits
can load the error pages automatically and abuse its elevated privileges
by bugs such as XSS in Mozilla.

see also: bug 28586, bug 286651

Reproducible: Always

Steps to Reproduce:

Actual Results:  
XUL error pages have chrome privileges.

Expected Results:  
XUL error pages DOES NOT have chrome privileges.

Benjamin Smedberg

Comment 1

•

19 years ago


*** This bug has been marked as a duplicate of 292624 ***

Status: UNCONFIRMED → RESOLVED

Closed: 19 years ago

Resolution: --- → DUPLICATE

Boris Zbarsky [:bzbarsky]

Updated

•

19 years ago

Group: security

Daniel Veditz [:dveditz]

Assignee

Updated

•

19 years ago

Whiteboard: [sg:dupe 292624]

Daniel Veditz [:dveditz]

Assignee

Updated

•

18 years ago

Group: security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

XUL error pages should not have chrome privileges

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: sync2d, Assigned: dveditz)

References

Details

(Whiteboard: [sg:dupe 292624])

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated

Updated