Closed Bug 405976 Opened 18 years ago Closed 18 years ago

XMLHttpRequest in a local file can open any local file

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: guninski, Unassigned)

Details

Attachments

(1 file)

xml3.html - open locally 18 years ago georgi - hopefully not receiving bugspam 405 bytes, text/html		Details

georgi - hopefully not receiving bugspam

Reporter

Description

•

18 years ago

XMLHttpRequest in a local file can open any local file, bypassing file restrictions on trunk. this allows at least reading xml files (branch can easily read 'text/plain') done via the normal usage of XMLHttpRequest

georgi - hopefully not receiving bugspam

Reporter

Comment 1

•

18 years ago

Attached file xml3.html - open locally — Details

open it locally

georgi - hopefully not receiving bugspam

Reporter

Comment 2

•

18 years ago

hm, i am not sure reading xml files is easily possible: even well formed xml files produce error in js console. this may be invalid, though it is kinda strange doing the xml request.

georgi - hopefully not receiving bugspam

Reporter

Comment 3

•

18 years ago

probably this is invalid

Jesse Ruderman

Comment 4

•

18 years ago

It's able to read my /etc/passwd if I have security.fileuri.origin_policy=3, but with security.fileuri.origin_policy=2 (the current default), it gets an empty responseText and a strange error message.

Group: security

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

XMLHttpRequest in a local file can open any local file

Categories

(Firefox :: Security, defect)

Tracking

()

People

(Reporter: guninski, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Attachment

General

Description

File Name

Content Type