access violation when I use javascript after about:config (access to local content)

RESOLVED INVALID

Status

major

People

(Reporter: marcosacm, Unassigned)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win98; pt-BR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Win98; pt-BR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

When I add a bookmark such as "javascript:void(location.href='file:///c:/');" I
can't show the contents of the folder C:/ because of a security error from Firefox.
It's OK. However, if I execute the same bookmark after the option "about:config",
all the content of the folder C:/ (folders and files) is shown!! I didn't
change any environment variables!!

Reproducible: Always

Steps to Reproduce:
1. In the manage bookmarks option, add a new bookmark called "home" with the following
address: javascript:void(location.href='file:///c:/');
2. In the browser location bar I put the address about:config and clicked Go
3. I clicked on my bookmark "home"

Actual Results:
All the files and folders on my computer (C:/) were shown in the browser,
unlike the default behaviour of Firefox, which doesn't show that content.

Expected Results:
Not show any content, as happens if the about:config option isn't used
before the bookmark.

Comment 1

14 years ago
same with XP:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050618
Firefox/1.0+

and Linux:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050618 Firefox/1.0+

additional information:
This only works if about:config is still active. After visiting another URL the
expected behavior is observed.

Behavior can also be observed when using about:plugins instead.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050619
Firefox/1.0+ ID:2005061917

I can reproduce this -> New

I can see no reason why the bookmark permissions should behave differently so
this should be fixed in case there is some kind of possible exploit related to this.
Status: UNCONFIRMED → NEW
Component: Bookmarks → Security
Ever confirmed: true
QA Contact: bookmarks → firefox
Summary: acess violation when I use javascript after about:config → access violation when I use javascript after about:config (access to local content)

Using javascript: in the location bar makes the code run with the privileges of
the currently displayed page. Since about:config has chrome privileges, using
that command there works. This is invalid.
OS: Windows 98 → All
Hardware: PC → All
Version: unspecified → Trunk

To expand on Gavin's comment, javascript: *bookmarks* also run in the context of
the currently open page -- that's what bookmarklets are all about -- so this is
as-intended behavior.

I've argued elsewhere that we ought to strip enhanced privileges from chrome:
pages opened in a <browser> content window, but that's a different bug. (If that
comes to pass about:config will have to be opened in its own window, like the
javascript console.)

Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → INVALID
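
Added example, not part of the original bug report and not Gecko code: a simplified JavaScript model of the behaviour the comments above describe, where a javascript: URL or bookmarklet runs with the principal of the page currently displayed. The names `principalFor`, `mayLoad`, `Tab`, `scenario` and the `stripChromeInContentWindow` option are assumptions made for illustration; the option models the mitigation proposed in the last comment.

```javascript
// Simplified model, constructed for illustration (not Gecko source code).
const SYSTEM = "system";   // chrome-privileged principal
const CONTENT = "content"; // ordinary web-content principal

// Assumed mapping of a loaded page to its principal. about:config and
// about:plugins are treated as privileged because the thread reports both.
function principalFor(url, { stripChromeInContentWindow = false } = {}) {
  const privileged = url.startsWith("about:config") ||
                     url.startsWith("about:plugins") ||
                     url.startsWith("chrome:");
  // Mitigation from the last comment: chrome pages shown in a content
  // <browser> get no enhanced privileges.
  return privileged && !stripChromeInContentWindow ? SYSTEM : CONTENT;
}

// Load check: web content may not navigate to file:, privileged pages may.
function mayLoad(principal, target) {
  return principal === SYSTEM || !target.startsWith("file:");
}

class Tab {
  constructor(options = {}) {
    this.options = options;
    this.navigate("about:blank");
  }
  navigate(url) {
    this.url = url;
    this.principal = principalFor(url, this.options);
  }
  // A bookmarklet doing location.href = target has no principal of its own:
  // the check is made against the principal of the page in the tab.
  runBookmarklet(target) {
    const allowed = mayLoad(this.principal, target);
    if (allowed) this.navigate(target);
    return allowed;
  }
}

// Open startUrl, then click the "home" bookmark from the report.
function scenario(startUrl, options) {
  const tab = new Tab(options);
  tab.navigate(startUrl);
  return tab.runBookmarklet("file:///c:/");
}
```

With the mitigation option set, the same bookmark click from about:config is refused, which is the outcome the reporter expected.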