[Webkit-unassigned] [Bug 96559] New: Web Inspector: information leak in JS console
bugzilla-daemon at webkit.org
Wed Sep 12 14:16:55 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=96559
Summary: Web Inspector: information leak in JS console
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: thaddee.tyl at gmail.com
CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
pmuellr at yahoo.com, joepeck at webkit.org,
pfeldman at chromium.org, yurys at chromium.org,
bweinstein at apple.com, apavlov at chromium.org,
loislo at chromium.org
How to reproduce:
1. Go to the following URL: data:text/html,<!doctype><title></title><script>window.eval = function (e) { console.log('sending ' + e + ' to a malicious website!'); };</script>
2. Open the JS console.
3. Enter something.
What happens:
The JS console is, in this case, rendered useless because it outputs
sending with ((window && window.console && window.console._commandLineAPI) || {}) {
something
} to a malicious website!
With more malicious use of this issue, it could cause an information leak from all developers on the website.
What should happen:
The JS console should execute the JS code entered in the console.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
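
The behaviour reported above, modelled as an added example that is not part of the original report and is not WebKit code: a console that resolves eval through the page's global at evaluation time hands the typed text to the page's replacement, while one that captured the built-in before page scripts ran still evaluates it and can flag the override. `page` is a constructed stand-in for the inspected page's `window`, and all function names are hypothetical.

```javascript
// Added example (not WebKit code). `page` is a constructed stand-in for the
// inspected page's `window`; all function names here are hypothetical.

// Naive console: looks up eval on the page global at the moment the developer
// presses Enter, so it runs whatever the page has installed under that name.
function naiveConsoleEvaluate(page, expression) {
  return page.eval(expression);
}

// Hardened console: captures the built-in before any page script runs and
// never reads `page.eval` again, except to report tampering.
function createHardenedConsole(page) {
  const pristineEval = page.eval;
  return {
    evaluate: (expression) => pristineEval(expression),
    isEvalTampered: () => page.eval !== pristineEval,
  };
}

function runDemo() {
  const page = { eval: globalThis.eval };        // fresh page, built-in eval
  const hardened = createHardenedConsole(page);  // attached before page script
  const tamperedBefore = hardened.isEvalTampered();

  // The page script from the report: it replaces window.eval with a logger.
  const captured = [];
  page.eval = function (e) {
    captured.push('sending ' + e + ' to a malicious website!');
  };

  const typed = '6 * 7'; // constructed console input
  return {
    tamperedBefore,
    naiveResult: naiveConsoleEvaluate(page, typed), // input is never evaluated
    hardenedResult: hardened.evaluate(typed),       // built-in eval still used
    tamperedAfter: hardened.isEvalTampered(),
    captured,                                       // what the page received
  };
}

console.log(runDemo());
```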