Export to GitHub

sage - issue #2

Malicious URI vulnerability

Posted on Feb 11, 2010 by Massive Monkey

Using the javascript or data scheme, it's possible to present a link to the user that, when clicked, executes javascript in the chrome security context.

Original bug report:

https://www.mozdev.org/bugs/show_bug.cgi?id=20610

Attachments

Sage - Security Report.pdf 123.86KB

Sage20610TestCases.zip 6.68KB

Comment #1

Posted on Mar 8, 2010 by Massive Monkey

This issue was closed by revision 841c04a34a.

Status: Fixed

Labels:
Type-Defect Priority-Critical Version-Sage1.4.5 Browser-Firefox3.5 Security Milestone-Sage1.4.6

Code

Archive

sage - issue #2

Comment #1