Closed Bug 293650 Opened 20 years ago Closed 19 years ago

Opening privileged file by drag&drop from other application

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: org.mozilla.bugzilla-NO-PRIVATE-MAIL, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

When I drag and drop a link from other application to browser window, it will be
opened, though it is refering to privileged file.

Reproducible: Always

Steps to Reproduce:
1. Create link to privileged file in other application. 
for example: <a href="chrome://browser/content/browser.xul">gogo</a>
Make an e-mail in Thunderbird with this link and use "send later" (in HTML).
Read this mail in folder "unsent messages".

2.Drag and drop the link to Firefox window.
Actual Results:  
Privileged file was opened.
60 days inactive: INVALID in 72 hours, otherwise reassigning to owner.

Is this reproducable with a nightly build (http://www.mozilla.org/developer)?
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee: nobody → wbzsinj
Status: ASSIGNED → NEW
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Assignee: wbzsinj → nobody
Status: REOPENED → NEW
(In reply to comment #1)
> Is this reproducable with a nightly build (http://www.mozilla.org/developer)?

Yes, same problem with nightly build.

Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8b5) Gecko/20051011 Firefox/1.4.1
1.4.1? I must have pointed you to the 1.5 Beta page. Please also download 1.6
Alpha (the continuously updated trunk version) at http://www.mozilla.org/developer/
(In reply to comment #3)
> 1.4.1? I must have pointed you to the 1.5 Beta page. Please also download 1.6
> Alpha (the continuously updated trunk version) at
http://www.mozilla.org/developer/

Same problem.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051014
Firefox/1.6a1

What is the expected result? If you originally had priviledges to the file, why
would the transfer remove those priviledges from you?
(In reply to comment #5) 
> What is the expected result?
I supposed this problem. However, you probably want know, what Firefox should do by my opinion. Firefox should do the same, which do, when you drag&drop link from Firefox, I think. (ignore drag&drop)
> If you originally had priviledges to the file, why 
> would the transfer remove those priviledges from you? 
I don't understand this question.
If you're dragging the link from Firefox, what are you dragging it to?
Per bug 285438 comment 42, it seems that this bug is invalid.
Good find.

<- INVA per comment 8
Status: NEW → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.