Closed Bug 244205 Opened 21 years ago Closed 21 years ago

Incorrect handling cross domain and cross protocols data sources

Categories

(Core :: Networking, defect)

x86
Windows XP
defect
Not set
major

VERIFIED DUPLICATE of bug 167475

People

(Reporter: ibegtin, Assigned: darin.moz)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.6 StumbleUpon/1.73
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.6 StumbleUpon/1.73

On this page http://alsius.flip.ru/ffox_telnet.html you can see a demonstration of unexpected behavior in Mozilla Firefox, and probably the Mozilla browser, in handling non-HTTP data sources on Windows platforms.

More details: On Win32 platforms Mozilla Firefox uses the same logic as Internet Explorer does. It uses protocol handlers defined in the system. They are detected in the registry by the following key "URL Protocol", for example HKEY_CLASSES_ROOT\telnet. But Internet Explorer prevents using these protocols as "data sources". By data source I mean using these protocols in urls, only protocols defined in HKEY_CLASSES_ROOT\PROTOCOLS\Handler. At the same time, Mozilla Firefox does not use this logic; this could cause serious security bugs in the hands of malicious persons.

Reproducible: Always

Steps to Reproduce:
1. Create an empty HTML file "test.html"
2. Add the following code to this HTML file: <img src="telnet://localhost"/>
3. Open this file locally or remotely. You will see a telnet window appear.

Actual Results: It works as described above

Expected Results: Software should prevent using telnet and any other protocol that is not defined in the HKEY_CLASSES_ROOT\PROTOCOLS\ list or in Mozilla Firefox enabled protocols as data sources. IMHO, the best way to solve this problem is providing an interface for allowing and disallowing usage of existing registered protocol handlers, with the ability to use different security profiles, just like IE zones, but related to the protocols, not sites.

As additional information, I think that bug is really major. It's not only a Firefox problem; I think that IE is also not ideal in protocol handling, but success of Firefox among Windows users could be reached by providing better security than IE does.

If any additional comment from me is required, I am ready for questions.

I don't see the significance of IE ignoring telnet: URLs in IMG srcs. The following script works in both Firefox and IE and has the same effect as using telnet: URLs in IMG srcs:

<script>
setInterval(function () { location = "telnet://localhost"; }, 2000);
</script>

-> networking
Assignee: firefox → darin
Component: General → Networking
Product: Firefox → Browser
QA Contact: benc
Version: unspecified → Trunk
I believe this is a duplicate...
Whiteboard: DUPEME
So it is.

*** This bug has been marked as a duplicate of 167475 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
that bug is not security sensitive, clearing flag here
it's probably not really a security problem anyway (especially considering comment 1)

vrfy
Group: security
Status: RESOLVED → VERIFIED
Whiteboard: DUPEME
The significance that I see is that using cross-protocol sources will work even with JavaScript disabled. Anyway, I agree that this bug is a duplicate. Thanks!
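
An added illustration, not part of the bug thread and not Mozilla's code: a static check for the reported pattern, flagging attributes that are loaded as data sources without a click or any script when their scheme is outside an allowlist. The allowlist, the attribute table, the function names and the sample HTML are assumptions constructed for this example.

```javascript
// Added example: allowlist, attribute table and sample HTML are assumptions.
const ALLOWED_SCHEMES = new Set(["http", "https", "data", "blob"]);
// Elements/attributes fetched as "data sources" with no click and no script.
const RESOURCE_ATTRS = new Map(Object.entries({
  img: ["src"], script: ["src"], iframe: ["src"], frame: ["src"],
  embed: ["src"], object: ["data"], link: ["href"], input: ["src"],
  audio: ["src"], video: ["src", "poster"], source: ["src"],
}));
const fromCp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\ufffd");

// Decode the character references that can hide a scheme or its colon.
function decodeEntities(s) {
  return s.replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCp(parseInt(d, 10)))
    .replace(/&colon;/gi, ":").replace(/&amp;/gi, "&");
}

// Scheme as a URL parser sees it: leading C0/space stripped, tab/CR/LF removed.
function schemeOf(value) {
  const cleaned = value.replace(/^[\u0000-\u0020]+/, "").replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null; // null: relative URL, no scheme
}

// Regex tokenizer for illustration; it does not handle ">" inside attribute values.
function findForeignSchemeSources(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const [, rawTag, attrText] of html.matchAll(tagRe)) {
    const tag = rawTag.toLowerCase();
    const wanted = RESOURCE_ATTRS.get(tag);
    if (!wanted) continue; // e.g. <a href>: needs a user click, not a data source
    for (const m of attrText.matchAll(attrRe)) {
      const attr = m[1].toLowerCase();
      if (!wanted.includes(attr)) continue;
      const scheme = schemeOf(decodeEntities(m[2] ?? m[3] ?? m[4] ?? ""));
      if (scheme && !ALLOWED_SCHEMES.has(scheme)) findings.push({ tag, attr, scheme });
    }
  }
  return findings;
}

// Constructed sample input.
const SAMPLE = [
  '<img src="telnet://localhost"/>', '<img src="/logo.png">',
  "<IFRAME SRC='  TelNet&#58;//localhost'></IFRAME>",
  '<script src="https://example.com/app.js"></script>', '<a href="telnet://localhost">x</a>',
].join("\n");
```

`findForeignSchemeSources(SAMPLE)` reports the `img` and the entity-obfuscated `iframe`, and skips the relative URL, the `https` script and the clickable link.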