Closed Bug 417397 Opened 16 years ago Closed 16 years ago

loadBindingDocument method on XML documents will load arbitrary URIs

Categories

(Firefox :: General, defect)

defect
Not set
minor

VERIFIED DUPLICATE of bug 379959

People

(Reporter: gfleischer+bugzilla, Unassigned)

Details

(Whiteboard: [sg:dup 379959])

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

The loadBindingDocument() method on XML documents will load arbitrary URIs including "file:///".

Currently, there is not an apparent method to get the results back, so this is not usable as an information leak of arbitrary files. It may be possible to use the function to load valid XML binding documents and discover directory locations, though.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Example will attempt to load "/etc/hosts" on Linux and Mac OS X and "C:\boot.ini" on Windows.

Check the JavaScript error console to see the parse error.

We're on this already in bug 379959, so this particular bug happens to be a dup.  Thanks for the report, tho!
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dup 379959]
Status: RESOLVED → VERIFIED
Group: core-security