Closed Bug 16672 Opened 20 years ago Closed 20 years ago
Script in HTML email message may read local files
*** Bug 16521 has been marked as a duplicate of this bug. ***
Travis says that it should be easier to fix the IFRAME src="file://..." after the WebShell changes land.
Marking dogfood for analysis by PDT at jar's request.
Whiteboard: waiting for doc loader to land → [PDT+]waiting for doc loader to land
Putting on PDT+ radar. But we believe that temp file is not longer being used, thus this bug fixed. rhp?
Sorry, the temp file still exists for the body of the message. When you are displaying an email message, you are looking at a XUL document with the body living in an IFRAME. Problem still relevant. - rhp
Whiteboard: [PDT+]waiting for doc loader to land → [PDT+] Try for 12/3 -- risky
Whiteboard: [PDT+] Try for 12/3 -- risky → [PDT+] Have fix
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Checking in mailnews/mime/emitters/src/nsMimeXULEmitter.cpp; /m/pub/mozilla/mailnews/mime/emitters/src/nsMimeXULEmitter.cpp,v <-- nsMimeXUL Emitter.cpp new revision: 1.47; previous revision: 1.46 done Checking in mailnews/mime/emitters/src/nsMimeXULEmitter.h; /m/pub/mozilla/mailnews/mime/emitters/src/nsMimeXULEmitter.h,v <-- nsMimeXULEm itter.h new revision: 1.12; previous revision: 1.11 done
Updating QA Contact.
QA Contact: dshea → paw
Marking verified per Norris's comments
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.