Closed Bug 11527 Opened 21 years ago Closed 20 years ago

Plain Text Editor allows reading text and parsed HTML files

Categories

(Core :: Security, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

()

Details

There is a security vulnerability in Mozilla 5.0 M8 (later builds are also
affected)
which allows reading local text and parsed HTML files using the Plain Text
Editor.
The idea is opening the editor, selecting all the text and accessing the
selected text.

In downloaded TextEditorAppShell.xul is added:
function DumpFile()
{
 EditorSelectAll();
 dump("-----Begin C:\\TEST.TXT\n");
 dump(editorShell.editorSelection.getRangeAt(0).toString());
 dump("\n-----End C:\\TEST.TXT\n");
}
setTimeout("DumpFile()",5000)

Demonstration is available at:
http://www.nat.bg/~joro/mozilla/editor/editor.html
Status: NEW → ASSIGNED
Target Milestone: M11
Blocks: 12633
Depends on: 13024
Depends on: 13021
No longer depends on: 13024
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
XPAppCoresManager finally died, closing this security hole.
Verified fixed.
Status: RESOLVED → VERIFIED
Component: Security → Security: General
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
You need to log in before you can comment on or make changes to this bug.