The Tor Browser / file revision

js/xpconnect/crashtests/509075-1.html@b8a032363ba2

js/xpconnect/crashtests/509075-1.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

     2 <html>

     3   <script>

     4 

     5     var txt = document.createTextNode("");

     6     var b = document.createElement("b");

     7     var w = b["watch"];

     8     var txtdg = txt["__lookupGetter__"];

     9     w["__defineGetter__"]("toString",txtdg);

    10     var obj = {

    11       variable: 910,

    12       fun: function() {

    13         w["toString"]();

    14       }

    15     };

    16 

    17     function vuln()

    18     {

    19       window.status = "" + obj.variable;

    20       try{

    21         obj.fun();

    22       }catch(er){}

    23       return obj;

    24     }

    25 

    26     var ret = vuln();

    27   </script>

    28 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial