Closed
Bug 793047
Opened 12 years ago
Closed 12 years ago
URL and SSL spoofing with onunload/onblur handlers that open/close tabs
Categories
(Firefox :: Tabbed Browser, defect)
Firefox
Tabbed Browser
Tracking
()
RESOLVED
DUPLICATE
of bug 700080
People
(Reporter: Gavin, Unassigned)
Details
(Keywords: sec-high, Whiteboard: [sg:dupe 700080][adv-track-main17-])
Attachments
(1 file)
(deleted),
text/html
|
Details |
Reported by Jordi Chancel in bug 700080 comment 63 (bug 700080 is a previous version of this problem).
Test case in attachment 661832 [details].
Reporter | ||
Comment 1•12 years ago
|
||
I can't reproduce in Aurora or Nightly, because the testcase has a syntax error:
Error: SyntaxError: syntax error
Source File: https://bug700080.bugzilla.mozilla.org/attachment.cgi?id=661832&t=yAgDc2pm83
Line: 5, Column: 54
Source Code:
var dataUrl1 = "data:text/html," + encodeURIComponent(<><![CDATA[
I assume this is because we disabled e4x, and should be easy enough to fix.
I can reproduce the bug in beta, but bug 391834/bug 700080 aren't fixed there.
Reporter | ||
Comment 2•12 years ago
|
||
With this tweaked version of the testcase that doesn't rely on E4X, I can reproduce on beta, but not on Aurora or Nightly. I think that means that this is just a duplicate of bug 700080.
Reporter | ||
Comment 3•12 years ago
|
||
Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds?
Reporter | ||
Comment 4•12 years ago
|
||
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #3)
> Jordi, can you confirm that this issue is FIXED in Aurora and Beta builds?
Sorry, I meant just Aurora builds. It is known that this isn't fixed on Beta.
Reporter | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
|
status-firefox-esr10:
--- → wontfix
status-firefox16:
--- → wontfix
status-firefox17:
--- → fixed
status-firefox18:
--- → fixed
status-firefox19:
--- → fixed
Whiteboard: [sg:dupe 700080]
Updated•12 years ago
|
Whiteboard: [sg:dupe 700080] → [sg:dupe 700080][adv-track-main17-]
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•