Closed Bug 195317 Opened 23 years ago Closed 23 years ago

Remote content can load XBL from file:// URLs

Categories

(Core :: XBL, defect)

defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 200691
mozilla1.4beta

People

(Reporter: hjtoi-bugzilla, Assigned: bryner)

Details

While investigating bug 172673 we noticed that remote content can load XBL from the user's hard disk. We should block this. Please note that we still want to allow remote content to read chrome:// URLs (bug 177640). What about resource:// URLs? Any other special protocols?
-> me.
Assignee: hyatt → bryner
Target Milestone: --- → mozilla1.4beta
Flags: blocking1.4b?
This lack of security check causes an exploit - bug 200691. Duping against that one because it has more discussion and a testcase.
*** This bug has been marked as a duplicate of 200691 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Flags: blocking1.4b?
Resolution: --- → DUPLICATE
Dupe of bug published on the known vulnerabilities list, clearing security flag.
Group: security