Closed Bug 250379 Opened 21 years ago Closed 21 years ago

shell:windows\test.txt launches notepad

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 250180

People

(Reporter: bugzilla, Assigned: dveditz)

Details

This must be a dupe, but I couldn't find the bug so here we go: According to http://www.csis.dk/default.asp?m=1&a=306 [in danish] there's a vulnerability in Mozilla which allows a webpage to run commands on a Windows PC when the user click on a link. If you have: <a href="shell:windows\csis.txt">free webmail</a> and the user clicks on the link notepad or what ever is associated with .txt files is launched. I've tried this on a trunk build (20040706) and this is true. It's only on Windows XP
clearing security flag as the other bug is also public... *** This bug has been marked as a duplicate of 250180 ***
Group: security
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.