Talk:XPCNativeWrapper: Difference between revisions
From MozillaZine Knowledge Base
Jump to navigationJump to search
mNo edit summary |
mNo edit summary |
||
Line 9: | Line 9: | ||
:There are two bugs related to this attack on [http://www.squarefree.com/securitytips/mozilla-developers.html Jesse Ruderman's Security Page]: | :There are two bugs related to this attack on [http://www.squarefree.com/securitytips/mozilla-developers.html Jesse Ruderman's Security Page]: | ||
*[https://bugzilla.mozilla.org/show_bug.cgi?id=217195 security hole in markLinkVisited (exploit with link.href setter = eval)] | :*[https://bugzilla.mozilla.org/show_bug.cgi?id=217195 security hole in markLinkVisited (exploit with link.href setter = eval)] | ||
*[http://bugzilla.mozilla.org/show_bug.cgi?id=249332 Bypassing CheckLoadURI using custom getters and changing toString returns] | :*[http://bugzilla.mozilla.org/show_bug.cgi?id=249332 Bypassing CheckLoadURI using custom getters and changing toString returns] | ||
:-Emte | :-Emte |
Revision as of 17:36, 22 March 2005
You scared me with "Attack Scenarios" paragraph, because *a lot* of extensions access _content.document
's properties without this wrapper. However, when I tried to access Components.classes in document.title setter and accessed that from Extension Developer's Extension's JS Shell (chrome priviledges) it (fortunately) failed with permission denied error.
I see however, that code in Firefox uses XPCNativeWrapper when accessing page's document.
Can someone explain me it / give a working attack page, because if we should really use XPCNativeWrapper, then almost everybody using extensions is vulnerable.
asqueella 04:13, 22 Mar 2005 (PST)
- There are two bugs related to this attack on Jesse Ruderman's Security Page: