Closed
Bug 825068
Opened 12 years ago
Closed 12 years ago
System XHR allows unrestricted access to file:// URIs
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED
DUPLICATE
of bug 825070
People
(Reporter: cjones, Unassigned)
Details
In b2g, this enables some super-powered OS fingerprinting, but doesn't put any user data at risk if we got the OS security model right. We would *absolutely* need to fix this before enabling this interface for desktop though. This is kind of a scary hole though and I'm thinking we should fix this for b2g v1. philikon/sicking how hard would it be to summarily deny file:// for system XHR in v1? There's no use case.
Updated 12 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
blocking-basecamp: ? → ---
Updated 5 years ago (Assignee)
Component: DOM → DOM: Core & HTML