Closed Bug 825068 Opened 12 years ago Closed 12 years ago

System XHR allows unrestricted access to file:// URIs

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 825070

People

(Reporter: cjones, Unassigned)

Details

In b2g, this enables some super-powered OS fingerprinting, but doesn't put any user data at risk if we got the OS security model right.

We would *absolutely* need to fix this before enabling this interface for desktop though.

This is kind of a scary hole though and I'm thinking we should fix this for b2g v1.

philikon/sicking how hard would it be to summarily deny file:// for system XHR in v1?  There's no use case.

Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML