Re: Browser bugs hit IE, Firefox today (SANS)

To: bugtraq@xxxxxxxxxxxxxxxxx, thor@xxxxxxxxxxxx
Subject: Re: Browser bugs hit IE, Firefox today (SANS)
From: Paul Szabo <psz@xxxxxxxxxxxxxxxxx>
Date: Wed, 5 Jul 2006 09:58:32 +1000
In-reply-to: <44AA4FDE.1080409@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Thor Larholm <thor@xxxxxxxxxxxx> wrote:

> ... reminds me of inconsistencies in how the security context of an 
> object is handled inside Firefox.

Is this a current/outstanding problem? Is there a relevant bugzilla entry?

> However, reading the contentDocument property of the DOM element instead 
> of the through the frames collection will give you a reference to the 
> document object inside the thirdparty domain ...

Sorry, but I cannot follow. Could you please show an example?

Thanks,

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

References:
- Re: Browser bugs hit IE, Firefox today (SANS)
  - From: Thor Larholm

Prev by Date: Invision Power Board "v1.X & 2.X" SQL Injection
Next by Date: Shopping Cart V0.9
Previous by thread: Re: Browser bugs hit IE, Firefox today (SANS)
Next by thread: Re: Browser bugs hit IE, Firefox today (SANS)
Index(es):
- Date
- Thread