[Webkit-unassigned] [Bug 16387] New: Variable names can be enumerated across domains
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Dec 10 14:15:27 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16387
Summary: Variable names can be enumerated across domains
Product: WebKit
Version: 525+ (Nightly build)
Platform: Macintosh
URL: http://mapseekret.com/staticmedia/document_a.html
OS/Version: Mac OS X 10.4
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: hmason at mac.com
WebKit currently allows for enumeration of all the property names in window
object via a JavaScript "for .. in " loop, even when the window object is from
a foreign domain. This could cause a security problem if a JavaScript author
made the mistake of storing a password in a variable name or something.
I've posted a demonstration of this problem to this bug's URL. Document B sets
a global variable named "superSecretThing", document A embeds document B in an
iframe, and is able to see the secret variable name from a foreign domain.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list