[Webkit-unassigned] [Bug 16073] New: xss possible because of a bug in Document::setDomain

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 20 10:35:03 PST 2007


           Summary: xss possible because of a bug in Document::setDomain
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Major
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ian.eng.webkit at gmail.com

Document::setDomain updates securityOrigin to new domain even when new domain
is not a suffix of the current domain. If frame A and B change their domains to
an invalid third party domain, A and B are accessible to each other even when
there are from different domain.

A layout test and fix is coming.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list