Closed
Bug 141208
Opened 22 years ago
Closed 22 years ago
mozilla can be compromised to read local files!!!
Categories
(Core :: Security, defect, P1)
Core
Security
Tracking
()
VERIFIED
DUPLICATE
of bug 141061
mozilla1.0
People
(Reporter: bleon, Assigned: security-bugs)
References
()
Details
(Whiteboard: [ADT1])
Attachments
(2 files)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417
BuildID: 2002041711
http://sec.greymagic.com/adv/gm001-ns/
there is a security test, which reads local files!
Reproducible: Always
Steps to Reproduce:
1.go to http://sec.greymagic.com/adv/gm001-ns/
2.make a test
3.
Actual Results: i can see for exanple notes,txt in my home folder
Expected Results: test fails
Security problem, was found in all version of mozilla on windows
an i have tested it with success on linux :(
Comment 1•22 years ago
|
||
Confirmed on today's linux build.
Comment 2•22 years ago
|
||
*** Bug 141212 has been marked as a duplicate of this bug. ***
Comment 3•22 years ago
|
||
*** Bug 141214 has been marked as a duplicate of this bug. ***
I am looking at this, although I might need help from Mitch.
Comment 5•22 years ago
|
||
See
http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpChannel.cpp#1534
There the channel calls out to the HTTPEventSink and tells it it is being
redirected. We probably want to do a security check at this point in
nsXMLHttpRequest (implement nsIHttpEventSink and call CheckConnect() in the
OnRedirect() method).
See what the urichecker
(http://lxr.mozilla.org/seamonkey/source/netwerk/base/src/nsURIChecker.cpp) does
to set itself up as a listener for OnRedirect.... (you need to implement
nsIInterfaceRequestor, among other things).
Comment 6•22 years ago
|
||
Comment 7•22 years ago
|
||
Comment 8•22 years ago
|
||
This bug is also affected by document.load.
Doh, there was a bug on this earlier, duping.
*** This bug has been marked as a duplicate of 141061 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 11•22 years ago
|
||
The cat is out of the bag. It doesn't seem useful to block access to bug 141061.
How will we in the general public know when it's fixed?
You need to log in
before you can comment on or make changes to this bug.
Description
•