Closed
Bug 328445
Opened 18 years ago
Closed 17 years ago
forward as inline loads local files in iframe
Categories
(Thunderbird :: Message Compose Window, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: guninski, Assigned: mscott)
Details
<iframe src='file:///etc/passwd'> loads local file when "forward(ed) as inline". accessing local file is not nice if javascript may be executed. accessing local files also may allow DoS via devices. mailbox: https://bugzilla.mozilla.org/attachment.cgi?id=213016 1.5 and trunk are affected 1.0.7 is not.
Reporter | ||
Comment 1•18 years ago
|
||
this seems fixed on latest suit trunk by some other bug. the exploit doesn't work anymore.
Comment 2•17 years ago
|
||
georgi, should we close this one?
Reporter | ||
Comment 3•17 years ago
|
||
(In reply to comment #2) > georgi, should we close this one? > this seems fixed on trunk and 2.0.0.9 according to my tests
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•