Closed Bug 10194 Opened 21 years ago Closed 20 years ago
Possible security vulnerability in "chrome:" protocol - accessing local files using "chrome://global/skin/../"
The "chrome:" protocol allows accessing local files outside the mozilla directory. The problems are URLs like "chrome://global/skin/../", where ".." references the parent directory (I guess this is not desired behaviour). Communicator 4.x had similar problems with the "wysiwyg:" protocol. Sample link is: <A HREF="chrome://global/skin/../../../../autoexec.bat"> autoexec.bat - chrome://global/skin/../../../../autoexec.bat </A> Demonstration is available at: http://www.nat.bg/~joro/mozilla/chrome1.html
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Fixed: Checking in nsChromeRegistry.cpp; /m/pub/mozilla/rdf/chrome/src/nsChromeRegistry.cpp,v <-- nsChromeRegistry.cpp new revision: 1.75; previous revision: 1.74 done
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.