Closed Bug 141208 Opened 22 years ago Closed 22 years ago

mozilla can be compromised to read local files!!!

Categories

(Core :: Security, defect, P1)

defect

Tracking

()

VERIFIED DUPLICATE of bug 141061
mozilla1.0

People

(Reporter: bleon, Assigned: security-bugs)

References

()

Details

(Whiteboard: [ADT1])

Attachments

(2 files)

From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417 BuildID: 2002041711 http://sec.greymagic.com/adv/gm001-ns/ there is a security test, which reads local files! Reproducible: Always Steps to Reproduce: 1.go to http://sec.greymagic.com/adv/gm001-ns/ 2.make a test 3. Actual Results: i can see for exanple notes,txt in my home folder Expected Results: test fails Security problem, was found in all version of mozilla on windows an i have tested it with success on linux :(
Confirmed on today's linux build.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: mozilla1.0, nsbeta1
*** Bug 141212 has been marked as a duplicate of this bug. ***
*** Bug 141214 has been marked as a duplicate of this bug. ***
I am looking at this, although I might need help from Mitch.
Keywords: nsbeta1nsbeta1+
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Whiteboard: [ADT1]
Target Milestone: --- → mozilla1.0
See http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#1534 There the channel calls out to the HTTPEventSink and tells it it is being redirected. We probably want to do a security check at this point in nsXMLHttpRequest (implement nsIHttpEventSink and call CheckConnect() in the OnRedirect() method). See what the urichecker (http://lxr.mozilla.org/seamonkey/source/netwerk/base/src/nsURIChecker.cpp) does to set itself up as a listener for OnRedirect.... (you need to implement nsIInterfaceRequestor, among other things).
This bug is also affected by document.load.
Doh, there was a bug on this earlier, duping. *** This bug has been marked as a duplicate of 141061 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
The cat is out of the bag. It doesn't seem useful to block access to bug 141061. How will we in the general public know when it's fixed?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: