Closed Bug 259403 Opened 20 years ago Closed 20 years ago

Java can reveal local file existence through exceptions

Categories

(Core Graveyard :: Java: Live Connect, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: dveditz, Assigned: yuanyi21)

Attachments

(1 file)

From: Marc Schoenefeld <marc.schoenefeld (at) gmx dot org>
Date: Sun, 12 Sep 2004 16:28:25 +0200
To: security@mozilla.org

Hi there,

The following JavaScript allows guessing files on the user's machine via
LiveConnect. This covert channel can be exploited by analysing the exceptions
that are thrown by the Java plugin.

I have put a test page on the web at 
www.programmierloesungen.de/test/GuessFile.html

Sincerely
Marc Schonefeld
www.illegalaccess.org
Blocks: sbb-
Kyle, are you still working on Java?
Yes. taking.
Assignee: live-connect → kyle.yuan
FYI:
I posted the bug to Sun in a Java applet version in early April 2004. They said
they were going to fix it; now it is 5 months later ....
This is not a Mozilla bug. This is a bug in Java (java.awt.color.ICC_Profile)
and has been fixed in JRE 1.5. In JRE 1.4.2, it throws a
java.lang.IllegalArgumentException without checking the file access permission,
but in JRE 1.5 they fixed it: java.security.AccessControlException will be
thrown first.

Marc, have you tried your bug with JRE 1.5? Please let me know if it's still
reproducible; I'll push the Java team to fix it.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Known Java bug (supposed to be fixed in JRE 1.5), clearing security flag
Group: security
Product: Core → Core Graveyard
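
The check-ordering difference described in the comments above, as an added example that is not part of the bug report or the JRE source: a simplified model in which `allowedRoot`, `checkRead`, `parseProfile` and both loaders are hypothetical names. With the parse first, an existing and a missing file outside the permitted root fail with different exception types; with the permission check first, both fail identically.

```java
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CheckOrderDemo {
    interface Loader { byte[] load(Path p) throws IOException; }
    static Path allowedRoot; // hypothetical policy: untrusted code may read only below this

    static void checkRead(Path p) {
        if (!p.toAbsolutePath().normalize().startsWith(allowedRoot))
            throw new SecurityException("read access denied");
    }
    // Parse step: its failure mode depends on whether the file exists and what it holds.
    static byte[] parseProfile(Path p) throws IOException {
        if (!Files.isRegularFile(p)) throw new FileNotFoundException("cannot open file");
        byte[] d = Files.readAllBytes(p);
        // ICC profiles carry the signature "acsp" at byte offset 36.
        if (d.length < 40 || d[36] != 'a' || d[37] != 'c' || d[38] != 's' || d[39] != 'p')
            throw new IllegalArgumentException("invalid profile data");
        return d;
    }
    // Parse before permission check (the ordering described for JRE 1.4.2).
    static byte[] loadParseFirst(Path p) throws IOException {
        byte[] d = parseProfile(p);
        checkRead(p);
        return d;
    }
    // Permission check before any file access (the ordering described for JRE 1.5).
    static byte[] loadCheckFirst(Path p) throws IOException {
        checkRead(p);
        return parseProfile(p);
    }
    static String outcome(Loader l, Path p) {
        try { l.load(p); return "loaded"; }
        catch (Exception e) { return e.getClass().getSimpleName(); }
    }
    public static void main(String[] args) throws IOException {
        allowedRoot = Files.createTempDirectory("sandbox").toAbsolutePath().normalize();
        Path outside = Files.createTempDirectory("private"); // constructed sample data
        Path present = Files.writeString(outside.resolve("notes.txt"), "not a profile");
        Path absent = outside.resolve("missing.txt");
        for (Path p : new Path[] { present, absent })
            System.out.println(p.getFileName()
                + " parse-first=" + outcome(CheckOrderDemo::loadParseFirst, p)
                + " check-first=" + outcome(CheckOrderDemo::loadCheckFirst, p));
    }
}
```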