[Webkit-unassigned] [Bug 16073] New: xss possible because of a bug in Document::setDomain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 20 10:35:03 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16073
Summary: xss possible because of a bug in Document::setDomain
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.4
Status: NEW
Severity: Major
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ian.eng.webkit at gmail.com
Document::setDomain updates securityOrigin to new domain even when new domain
is not a suffix of the current domain. If frame A and B change their domains to
an invalid third party domain, A and B are accessible to each other even when
there are from different domain.
A layout test and fix is coming.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list