Closed Bug 298257 Opened 20 years ago Closed 20 years ago

access violation when I use javascript after about:config (access to local content)

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: marcosacm, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win98; pt-BR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Win98; pt-BR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 When I add a bookmark such as "javascript:void(location.href='file:///c:/');" I can`t show the contents of the folder C:/ because a security error by Firefox. It`s OK. However, if I execute the same bookmark after the option "about:config" all the content of the folder C:/ (folders and files) was showed!! I didn`t change any enviromments variables!! Reproducible: Always Steps to Reproduce: 1.In option manage bookmark, add a new bookmark called "home" with the following address: javascript:void(location.href='file:///c:/'); 2.In the browser location I put the address: about:config and clicked go 3.I clicked in my bookmark "home" Actual Results: All the files and folders in my computer (C:/) were showed on the browser, unlike the default behaviour of the Firefox which it doesn`t show that content. Expected Results: Not show any content, like it happens if the option about:config it doesn`t used before the bookmark.
same with XP: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050618 Firefox/1.0+ and Linux: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050618 Firefox/1.0+ additional information: this only works if about:config is still active. after visiting another url the expected behavior is observed. behavior can also be observed when using about:plugins instead.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050619 Firefox/1.0+ ID:2005061917 I can reproduce this - > New I can see no reason why the bookmark permissions should behave differently so this should be fixed in case there is some kind of possible exploit related to this.
Status: UNCONFIRMED → NEW
Component: Bookmarks → Security
Ever confirmed: true
QA Contact: bookmarks → firefox
Summary: acess violation when I use javascript after about:config → access violation when I use javascript after about:config (access to local content)
Using javascript: in the location bar makes the code run with the priviledges of the currently displayed page. Since about:config has chrome priviledges, using that command there works. This is invalid.
OS: Windows 98 → All
Hardware: PC → All
Version: unspecified → Trunk
To expand on Gavin's comment, javascript: *bookmarks* also run in the context of the currently open page -- that's what bookmarklets are all about -- so this is as-intended behavior. I've argued elsewhere that we ought to strip enhanced privileges from chrome: pages opened in a <browser> content window, but that's a different bug. (If that comes to pass about:config will have to be opened in it's own window, like the javascript console.)
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.