Closed Bug 84327 Opened 23 years ago Closed 23 years ago

Webpages can exploit the \con\con instant-crash bug.

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 29079

People

(Reporter: tronic2, Assigned: asa)

References

(
URL
)

Details

There is a well known bug in W98 (probably some other versions too) that causes
instant BSOD saying Exception 0E and usually leads to instant halt after few BSODs.

In Mozilla ANY WEBPAGE ON THE NET (including URL entered in this bug-report) can
exploit this, making Windows halt instantly. In addition to that it probably
allows minimal security-hole: webpages can link images from user's harddrive,
which might in some cases confuse user to think that the webpage can hack his
personal files.

Currently [img src="file://c|/con/con"] (with lt and gt instead of
square-brackets, of course) on a webpage causes halt.

Solution for this is to prevent linking to FILE://-URLs from webpages (except
when the original webpage is actually loaded from user's HD).
oh come on. this is an extremely old bug and it only takes a few seconds to 
search for 'con/con' and find it.

*** This bug has been marked as a duplicate of 29079 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
verified dupe
Status: RESOLVED → VERIFIED
Sorry about dupe. I tried searching, but for some reason it didn't work at the
moment.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.