Closed
Bug 141208
Opened 22 years ago
Closed 22 years ago
mozilla can be compromised to read local files!!!
Categories
(Core :: Security, defect, P1)
Core
Security
Tracking
()
VERIFIED
DUPLICATE
of bug 141061
mozilla1.0
People
(Reporter: bleon, Assigned: security-bugs)
References
()
Details
(Whiteboard: [ADT1])
Attachments
(2 files)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417 BuildID: 2002041711 http://sec.greymagic.com/adv/gm001-ns/ there is a security test, which reads local files! Reproducible: Always Steps to Reproduce: 1.go to http://sec.greymagic.com/adv/gm001-ns/ 2.make a test 3. Actual Results: i can see for exanple notes,txt in my home folder Expected Results: test fails Security problem, was found in all version of mozilla on windows an i have tested it with success on linux :(
Comment 1•22 years ago
|
||
Confirmed on today's linux build.
Comment 2•22 years ago
|
||
*** Bug 141212 has been marked as a duplicate of this bug. ***
Comment 3•22 years ago
|
||
*** Bug 141214 has been marked as a duplicate of this bug. ***
I am looking at this, although I might need help from Mitch.
Comment 5•22 years ago
|
||
See http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#1534 There the channel calls out to the HTTPEventSink and tells it it is being redirected. We probably want to do a security check at this point in nsXMLHttpRequest (implement nsIHttpEventSink and call CheckConnect() in the OnRedirect() method). See what the urichecker (http://lxr.mozilla.org/seamonkey/source/netwerk/base/src/nsURIChecker.cpp) does to set itself up as a listener for OnRedirect.... (you need to implement nsIInterfaceRequestor, among other things).
Comment 6•22 years ago
|
||
Comment 7•22 years ago
|
||
Comment 8•22 years ago
|
||
This bug is also affected by document.load.
Doh, there was a bug on this earlier, duping. *** This bug has been marked as a duplicate of 141061 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 11•22 years ago
|
||
The cat is out of the bag. It doesn't seem useful to block access to bug 141061. How will we in the general public know when it's fixed?
You need to log in
before you can comment on or make changes to this bug.
Description
•