The Tor Browser / annotate

js/xpconnect/crashtests/509075-1.html@b8a032363ba2 (annotated)

js/xpconnect/crashtests/509075-1.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
michael@0 2 <html>
michael@0 3 <script>
michael@0 4
michael@0 5 var txt = document.createTextNode("");
michael@0 6 var b = document.createElement("b");
michael@0 7 var w = b["watch"];
michael@0 8 var txtdg = txt["__lookupGetter__"];
michael@0 9 w["__defineGetter__"]("toString",txtdg);
michael@0 10 var obj = {
michael@0 11 variable: 910,
michael@0 12 fun: function() {
michael@0 13 w["toString"]();
michael@0 14 }
michael@0 15 };
michael@0 16
michael@0 17 function vuln()
michael@0 18 {
michael@0 19 window.status = "" + obj.variable;
michael@0 20 try{
michael@0 21 obj.fun();
michael@0 22 }catch(er){}
michael@0 23 return obj;
michael@0 24 }
michael@0 25
michael@0 26 var ret = vuln();
michael@0 27 </script>
michael@0 28 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial