Bugtraq mailing list archives
Re: Browser bugs hit IE, Firefox today (SANS)
From: 3CO <threecheeseopera () gmail com>
Date: Wed, 12 Jul 2006 15:52:55 -0400
On 7/4/06, Thor Larholm <thor () polypath com> wrote:
However, reading the contentDocument property of the DOM element instead
of the through the frames collection will give you a reference to the
document object inside the thirdparty domain and even allow you to
overwrite native DOM methods without throwing a security exception, such
as
document.getElementById("thirdparty").contentDocument.getElementById=function(s){alert(s)}.
This code throws an exception in Firefox 1.5.0.4: "Error: uncaught exception: Permission denied to set property HTMLDocument.getElementById " Just obtaining a reference to the contentDocument works, but any action on it throws an error.
Current thread:
- Re: Browser bugs hit IE, Firefox today (SANS) Alex Potter (Jul 01)
- Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm (Jul 04)
- Re: Browser bugs hit IE, Firefox today (SANS) Paul Szabo (Jul 05)
- Re: Browser bugs hit IE, Firefox today (SANS) 3CO (Jul 12)
- Re: Browser bugs hit IE, Firefox today (SANS) Thor Larholm (Jul 04)