New set of restrictions on the DOM in mailnews to prevent several

kinds of privacy attacks. Uses new wildcard policy functionality. Fixes 87395 and 84545. r=harishd, sr=jst, a=asa.
2025-02-15 04:39:31 +00:00 · 2001-08-30 02:27:50 +00:00 · 2001-08-30 02:27:50 +00:00 · 8fdb3afe91
commit 8fdb3afe91
parent a1887676c9
1 changed files with 24 additions and 23 deletions
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@ -184,7 +184,6 @@ pref("capability.policy.default.History.current", "UniversalBrowserRead");
 pref("capability.policy.default.History.forward", "allAccess");
 pref("capability.policy.default.History.go", "allAccess");
 pref("capability.policy.default.History.item", "UniversalBrowserRead");
-pref("capability.policy.default.History.length", "UniversalBrowserRead");
 pref("capability.policy.default.History.next", "UniversalBrowserRead");
 pref("capability.policy.default.History.previous", "UniversalBrowserRead");
 pref("capability.policy.default.History.toString", "UniversalBrowserRead");
@ -214,32 +213,34 @@ pref("capability.policy.default.Window.openDialog", "noAccess");
 pref("capability.policy.default.Window.self", "allAccess");
 pref("capability.policy.default.Window.window", "allAccess");

-// Restrictions on the DOM for mail/news - see bug 66938
-pref("capability.policy.mailnews.DOMException.toString", "noAccess");;
-pref("capability.policy.mailnews.HTMLAnchorElement.hash", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.host", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.hostname", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.href", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.pathname", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.port", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.protocol", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.search", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.text", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.getAttribute", "noAccess");
-pref("capability.policy.mailnews.HTMLAnchorElement.attributes", "noAccess");
-pref("capability.policy.mailnews.HTMLDocument.location", "noAccess");
+// Restrictions on the DOM for mail/news - see bugs 66938 and 84545
+pref("capability.policy.mailnews.sites", "mailbox: imap: news:");
+
+pref("capability.policy.mailnews.*.attributes.get", "noAccess");
+pref("capability.policy.mailnews.*.baseURI.get", "noAccess");
+pref("capability.policy.mailnews.*.data.get", "noAccess");
+pref("capability.policy.mailnews.*.getAttribute", "noAccess");
+pref("capability.policy.mailnews.*.getNamedItem", "noAccess");
+pref("capability.policy.mailnews.*.host.get", "noAccess");
+pref("capability.policy.mailnews.*.hostname.get", "noAccess");
+pref("capability.policy.mailnews.*.href.get", "noAccess");
+pref("capability.policy.mailnews.*.innerHTML.get", "noAccess");
+pref("capability.policy.mailnews.*.lowSrc.get", "noAccess");
+pref("capability.policy.mailnews.*.nodeValue.get", "noAccess");
+pref("capability.policy.mailnews.*.pathname.get", "noAccess");
+pref("capability.policy.mailnews.*.protocol.get", "noAccess");
+pref("capability.policy.mailnews.*.src.get", "noAccess");
+pref("capability.policy.mailnews.*.substringData.get", "noAccess");
+pref("capability.policy.mailnews.*.text.get", "noAccess");
+pref("capability.policy.mailnews.*.title.get", "noAccess");
+pref("capability.policy.mailnews.DOMException.toString", "noAccess");
+pref("capability.policy.mailnews.HTMLAnchorElement.toString", "noAccess");
 pref("capability.policy.mailnews.HTMLDocument.domain", "noAccess");
 pref("capability.policy.mailnews.HTMLDocument.URL", "noAccess");
-pref("capability.policy.mailnews.Text.nodeValue", "noAccess");
-pref("capability.policy.mailnews.Text.data", "noAccess");
-pref("capability.policy.mailnews.Text.substringData", "noAccess");
-pref("capability.policy.mailnews.CDATASection.nodeValue", "noAccess");
-pref("capability.policy.mailnews.CDATASection.data", "noAccess");
-pref("capability.policy.mailnews.CDATASection.substringData", "noAccess");
+pref("capability.policy.mailnews.Location.toString", "noAccess");
 pref("capability.policy.mailnews.Range.toString", "noAccess");
-pref("capability.policy.mailnews.sites", "mailbox: imap: news:");
 pref("capability.policy.mailnews.Window.name.set", "noAccess");
-pref("capability.policy.mailnews.Window.location", "noAccess");
+
 ////////////////////////////////////////////////////////////
 pref("capability.principal.codebase.foo.id", "http://www.netscape.com");
 pref("capability.principal.codebase.foo.granted", "UniversalFoo");