Closed Bug 417400 Opened 13 years ago Closed 12 years ago
Resource Directory Traversal Vulnerability - Mac OS X and Linux Example
If the OS user name and profile value can be determined, it is possible to read the sessionstore.js file. Note also that different errors are returned for invalid (or unreachable) user name values compared to users that exist.
Whiteboard: [sg:dupe 380994]
Assignee: nobody → dveditz
Product: Firefox → Core
QA Contact: firefox → toolkit
Status: UNCONFIRMED → NEW
Ever confirmed: true
Verified on latest Mac/Linux build candidates for 20017 and 3.0.2 using test case in comment #1. When running the test case on 20016 and 3.0.1 I could see the contents my sessionstore.js file, on 20017 and 3.0.2 nothing happens. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/2008082909 Firefox/184.108.40.206 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:220.127.116.11) Gecko/2008082909 Firefox/18.104.22.168 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:22.214.171.124) Gecko/2008082909 Firefox/3.0.2 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:126.96.36.199) Gecko/2008082909 Firefox/3.0.2
bug 380994 checked in: http://hg.mozilla.org/mozilla-central/rev/6dad95d60106 http://hg.mozilla.org/mozilla-central/rev/1eccc541661c
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.