Closed
Bug 721398
(CVE-2012-0476)
Opened 12 years ago
Closed 12 years ago
moz-page-thumb protocol should not be accessible from a web page
Categories
(Firefox :: General, defect)
Tracking
()
VERIFIED
FIXED
Firefox 12
Tracking | Status | |
---|---|---|
firefox11 | --- | unaffected |
firefox12 | + | verified |
firefox-esr10 | --- | unaffected |
People
(Reporter: teramako, Unassigned)
References
Details
(Keywords: privacy, Whiteboard: [sg:moderate][qa+])
Attachments
(2 files)
1.39 KB,
text/html
|
Details | |
1.42 KB,
patch
|
mak
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0a1) Gecko/20120126 Firefox/12.0a1 Build ID: 20120126031113 Steps to reproduce: moz-page-thumb://thumbnail?url=.... can access from a web page. It should access only in privileged site for security and privacy reason. If can access on a web page, evil site owner can know that the user accessed or not the URL in past.
Updated•12 years ago
|
Attachment #591804 -
Attachment mime type: text/plain → text/html
Comment 1•12 years ago
|
||
Reported publicly in bug 721408, I'm going to open this up. It means we should fix immediately or back out bug 497543.
Group: core-security
Component: Untriaged → Places
Product: Firefox → Toolkit
QA Contact: untriaged → places
Whiteboard: [sg:high]
Updated•12 years ago
|
Assignee: nobody → ttaubert
Blocks: 497543
status-firefox11:
--- → unaffected
status-firefox12:
--- → affected
tracking-firefox12:
--- → +
Comment 3•12 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #1) > Reported publicly in bug 721408, I'm going to open this up. It means we > should fix immediately or back out bug 497543. Going to push the fix in a minute.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 4•12 years ago
|
||
Attachment #591820 -
Flags: review?(mak77)
Comment 5•12 years ago
|
||
Comment on attachment 591820 [details] [diff] [review] patch v1 Review of attachment 591820 [details] [diff] [review]: ----------------------------------------------------------------- ::: browser/components/thumbnails/Makefile.in @@ +17,5 @@ > EXTRA_PP_JS_MODULES = \ > PageThumbs.jsm \ > $(NULL) > > +#ifdef ENABLE_TESTS File a bug to fix the tests, add a comment pointing to that bug.
Attachment #591820 -
Flags: review?(mak77) → review+
Updated•12 years ago
|
Assignee: ttaubert → nobody
Component: Places → General
Product: Toolkit → Firefox
QA Contact: places → general
Comment 6•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/7cdb5f5d38c6
Blocks: 721422
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
OS: Windows XP → All
Hardware: x86 → All
Resolution: --- → FIXED
Summary: moz-page-thumb protocol should not access from a web page → moz-page-thumb protocol should not be accessible from a web page
Target Milestone: --- → Firefox 12
Updated•12 years ago
|
status-firefox12:
affected → ---
Updated•12 years ago
|
status-firefox12:
--- → fixed
Comment 7•12 years ago
|
||
Could you please tell me how to test this ?
Comment 8•12 years ago
|
||
You can open about:newtab and right-click to inspect the document. Now the .newtab-thumbnail elements have a background-image set. This should look like "moz-page-thumb://thumbnail?url=http%3A%2F%2Fwww.reddit.com%2F". If you now create a custom web page like data:text/html,<img src="moz-page-thumb://thumbnail?url=http%3A%2F%2Fwww.reddit.com%2F"/> the image should be broken because it's a normal content web page (i.e. without chrome privs).
Updated•12 years ago
|
Alias: CVE-2012-0476
Updated•12 years ago
|
status-firefox-esr10:
--- → unaffected
Keywords: privacy
Whiteboard: [sg:high][qa+] → [sg:moderate][qa+]
Comment 9•12 years ago
|
||
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0 Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0 Verified in Firefox 12 beta 6. The image is now broken when attempting to load it.
Comment 10•12 years ago
|
||
Verified in trunk with Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20120418 Firefox/14.0a1.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•