On 2/23/10 6:15 PM, Boris Zbarsky wrote:
> On 2/23/10 8:14 PM, Natch wrote:
>> I was thinking (in bug 491243) that channels shouldn't inherit chrome
>> privileges ever unless they are data, javascript or chrome channels
>> (or that sort).
> 
> That's already the case.

The documents can end up privileged if an author does the wrong thing:
https://bugzilla.mozilla.org/show_bug.cgi?id=476464

>> For example, it is possible for any web site to run in an elevated
>> context (and do practically anything to the user's computer) if you
>> type the following in the error console command-line:
>>
>> window.openDialog("http://www.google.com");
> 
> This doesn't run google in an elevated context.

Hard to tell on Google, but easy to confirm the lack of privs with
something like
  openDialog("https://www.squarefree.com/shell/shell.html")
then try to look at Components.stack or something privileged.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security