Closed Bug 293650 Opened 20 years ago Closed 19 years ago

Opening privileged file by drag&drop from other application

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED INVALID

People

(Reporter: org.mozilla.bugzilla-NO-PRIVATE-MAIL, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 When I drag and drop a link from other application to browser window, it will be opened, though it is refering to privileged file. Reproducible: Always Steps to Reproduce: 1. Create link to privileged file in other application. for example: <a href="chrome://browser/content/browser.xul">gogo</a> Make an e-mail in Thunderbird with this link and use "send later" (in HTML). Read this mail in folder "unsent messages". 2.Drag and drop the link to Firefox window. Actual Results: Privileged file was opened.
60 days inactive: INVALID in 72 hours, otherwise reassigning to owner. Is this reproducable with a nightly build (http://www.mozilla.org/developer)?
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee: nobody → wbzsinj
Status: ASSIGNED → NEW
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Assignee: wbzsinj → nobody
Status: REOPENED → NEW
(In reply to comment #1) > Is this reproducable with a nightly build (http://www.mozilla.org/developer)? Yes, same problem with nightly build. Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8b5) Gecko/20051011 Firefox/1.4.1
1.4.1? I must have pointed you to the 1.5 Beta page. Please also download 1.6 Alpha (the continuously updated trunk version) at http://www.mozilla.org/developer/
(In reply to comment #3) > 1.4.1? I must have pointed you to the 1.5 Beta page. Please also download 1.6 > Alpha (the continuously updated trunk version) at http://www.mozilla.org/developer/ Same problem. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051014 Firefox/1.6a1
What is the expected result? If you originally had priviledges to the file, why would the transfer remove those priviledges from you?
(In reply to comment #5) > What is the expected result? I supposed this problem. However, you probably want know, what Firefox should do by my opinion. Firefox should do the same, which do, when you drag&drop link from Firefox, I think. (ignore drag&drop) > If you originally had priviledges to the file, why > would the transfer remove those priviledges from you? I don't understand this question.
If you're dragging the link from Firefox, what are you dragging it to?
Per bug 285438 comment 42, it seems that this bug is invalid.
Good find. <- INVA per comment 8
Status: NEW → RESOLVED
Closed: 20 years ago19 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.