Thank you for working so quickly on this bug. I looked at the patch and to me it seemed like it only checkes the file extension. Does that mean that this link still works? http://www.heise.de/security/dienste/browsercheck/demos/ie/htaalert.php This link seems like a (harmless) php-File but is in reality a (harmless) exploit delivered as "application/hta".
No, that doesn't work either. The checked file extension is the final one, which is also .hta in this example.
Comment on attachment 132136 [details] [diff] [review] patch sr=bzbarsky
Checking in nsLocalFileWin.cpp; /cvsroot/mozilla/xpcom/io/nsLocalFileWin.cpp,v <-- nsLocalFileWin.cpp new revision: 1.108; previous revision: 1.107 done
Comment on attachment 132136 [details] [diff] [review] patch would be nice to get this security fix into 1.5 and 1.4.2, too... it just makes it so that .hta files are also considered executable, should be very low risk.
Is it already too late for 1.4.1?
to my knowledge, it is.
I think this should get fixed on the 1.4 branch. I'm recommending it for 1.5 also, but I'll let another driver mark the bug blocking1.5. /be
Comment on attachment 132136 [details] [diff] [review] patch a=asa (on behalf of drivers) for checkin to the 1.5 branch.
looks like brendan already checked this into the 1.5 branch
Yes, sorry -- thought I updated this bug (I switched machines and may have left a bugzilla login screen up). /be
Comment on attachment 132136 [details] [diff] [review] patch Please check into the 1.4 branch. /be
fixed on 1.4 branch Checking in nsLocalFileWin.cpp; /cvsroot/mozilla/xpcom/io/nsLocalFileWin.cpp,v <-- nsLocalFileWin.cpp new revision: 126.96.36.199; previous revision: 188.8.131.52 done