Closed
Bug 145635
Opened 22 years ago
Closed 22 years ago
Deny access for scripts to "filename" property for JavaScript Plugin object.
Categories
(Core :: Security, defect)
Tracking
()
People
(Reporter: sinchi, Assigned: security-bugs)
References
()
Details
Attachments
(1 file)
486 bytes,
text/html
|
Details |
Using navigator.plugins in JavaScript, everyone can know where Mozilla is installed on my local disk. I think, "filename" property of Plugin object, unlike MIME types and descriptions, isn't usable for JavaScript in HTML pages on the Web, it's only an additional risk of security troubles. And more, if any plugin is installed in user profile directory, this issue is a way to know path of my profile... Very dangerous opportunity! I wrote to security@mozilla.org about this issue, but has no answer.
Assignee | ||
Comment 2•22 years ago
|
||
Marking security-sensitive. Reporter, what version of Mozilla are you running?
Group: security?
Comment 3•22 years ago
|
||
*** This bug has been marked as a duplicate of 88183 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•22 years ago
|
Group: security?
You need to log in
before you can comment on or make changes to this bug.
Description
•