Closed
Bug 1049043
Opened 11 years ago
Closed 11 years ago
Typing File:/// in address bar exposes all the Android system files
Categories
(Firefox for Android Graveyard :: Awesomescreen, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: paisripathi, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Steps to reproduce:
1. Open Firefox browser on Android.
2. Type File:/// in the address bar.
Actual results:
All the Android system files are exposed
Expected results:
File:/// must be blocked.
Chrome and Opera block it .
|
Reporter | |
Updated•11 years ago
|
Severity: normal → major
OS: Windows 7 → Android
Priority: -- → P2
Hardware: x86_64 → All
|
||
Comment 1•11 years ago
|
||
Hello, this is not a security bug because it is working by design. The mere fact that a file listing is shown does not indicate a security bug, unless that file listing can be used as an exploit somehow.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
|
||
Updated•11 years ago
|
Severity: major → normal
Priority: P2 → --
|
|
Reporter | |
Comment 2•11 years ago
|
||
But why is chrome blocking it? Users dont feel comfortable when they see the system files exposed
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
|
||
Comment 3•11 years ago
|
||
The OS settings control access to viewing the folder structure. This is no different than installing a folder viewer.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → WONTFIX
|
||
Updated•5 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•