Bug 581629 (CVE-2010-1236)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2010-1236 webkit: leading URL bypass of cross-origin protections | | |
| Product | [Other] Security Response | Reporter | Vincent Danen <vdanen> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED NOTABUG | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | jreznik, stransky, than |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2010-04-23 18:39:24 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
Description
Vincent Danen
2010-04-12 20:18:18 UTC
This is indeed reproducible with F12 konqueror, but not with midori / webkitgtk-1.1.15.4 or arora / qt-4.6.2. Does anyone have access to the webkit bug?

(In reply to comment #2)
> This is indeed reproducible with F12 konqueror, but not with midori /
> webkitgtk-1.1.15.4 or arora / qt-4.6.2. Does anyone have access to the webkit
> bug?

how can you reproduce it in konqueror?

(In reply to comment #3)
> how can you reproduce it in konqueror?

Ok, I guess I should correct myself. konqueror does execute that javascript, but it is executed inside the parent frame's domain, not inside the iframe domain. With webkitgtk and QTWebKit (and firefox too), the behaviour is as mentioned in the google bug: http://code.google.com/p/chromium/issues/detail?id=37383#c13

I'm closing this, based on comment #4. The behaviour of different browsers / engines differs, but none of the tested browsers executes the specified javascript script inside the iframe domain, but rather in the domain of the page that includes it, which does not bypass same-origin protection.