Closed Bug 793047 Opened 12 years ago Closed 12 years ago

URL and SSL spoofing with onunload/onblur handlers that open/close tabs

Categories

(Firefox :: Tabbed Browser, defect)

Product:
Firefox
Component:
Tabbed Browser
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 700080
Tracking Flags:
Tracking Status
firefox16 --- wontfix
firefox17 --- fixed
firefox18 --- fixed
firefox19 --- fixed
firefox-esr10 --- wontfix

People

(Reporter: Gavin, Unassigned)

Details

(Keywords: sec-high, Whiteboard: [sg:dupe 700080][adv-track-main17-])

Attachments

(1 file)

testcase that doesn't depend on e4x
(deleted), text/html
Details
Reported by Jordi Chancel in bug 700080 comment 63 (bug 700080 is a previous version of this problem). Test case in attachment 661832 [details].
I can't reproduce in Aurora or Nightly, because the testcase has a syntax error: Error: SyntaxError: syntax error Source File: https://bug700080.bugzilla.mozilla.org/attachment.cgi?id=661832&t=yAgDc2pm83 Line: 5, Column: 54 Source Code: var dataUrl1 = "data:text/html," + encodeURIComponent(<><![CDATA[ I assume this is because we disabled e4x, and should be easy enough to fix. I can reproduce the bug in beta, but bug 391834/bug 700080 aren't fixed there.
Attached file testcase that doesn't depend on e4x (deleted) —
With this tweaked version of the testcase that doesn't rely on E4X, I can reproduce on beta, but not on Aurora or Nightly. I think that means that this is just a duplicate of bug 700080.
Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds?
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #3) > Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds? Sorry, I meant just Aurora builds. It is known that this isn't fixed on Beta.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
status-firefox-esr10: --- → wontfix
status-firefox16: --- → wontfix
status-firefox17: --- → fixed
status-firefox18: --- → fixed
status-firefox19: --- → fixed
Whiteboard: [sg:dupe 700080]
Whiteboard: [sg:dupe 700080] → [sg:dupe 700080][adv-track-main17-]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: