Closed
Bug 417397
Opened 16 years ago
Closed 16 years ago
loadBindingDocument method on XML documents will load arbitrary URIs
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
VERIFIED
DUPLICATE
of bug 379959
People
(Reporter: gfleischer+bugzilla, Unassigned)
Details
(Whiteboard: [sg:dup 379959])
Attachments
(1 file)
1.25 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 The loadBindingDocument() method on XML documents will load arbitrary URIs including "file:///". Currently, there is not an apparent method to get the results back so this is not usable as information leak of arbitrary files. It may be possible to use the function to load valid XML binding documents and discover directory locations though. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Reporter | ||
Comment 1•16 years ago
|
||
Example will attempt to load "/etc/hosts" on Linux and Mac OS X and "C:\boot.ini" on Windows. Check the JavaScript error console to see parse error.
Comment 2•16 years ago
|
||
We're on this already in bug 379959, so this particular bug happens to be a dup. Thanks for the report, tho!
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Updated•16 years ago
|
Whiteboard: [sg:dup 379959]
Updated•16 years ago
|
Status: RESOLVED → VERIFIED
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•