Open
Bug 712335
Opened 13 years ago
Updated 2 months ago
Privacy leak in Windows file picker dialogs when selecting a URL in the open file field
Categories
(Core :: Widget: Win32, defect)
Tracking
()
NEW
People
(Reporter: jimm, Unassigned)
References
Details
Attachments
(1 file, 1 obsolete file)
|
311 bytes,
text/html
|
Details |
STR: 1) open a file picker 2) copy paste a url to a file on the web in the file name text edit 3) select ok Windows will go out a download the file and place it in the IE cache, then return a local path to the file. The remains until the IE cache is cleared.
|
Reporter | |
Comment 1•13 years ago
|
||
|
||
Comment 2•13 years ago
|
||
It really leaks? Is it possible to read the full path from the web page?
|
|
Reporter | |
Comment 3•13 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #2) > It really leaks? Is it possible to read the full path from the web page? I don't think we expose local paths to web pages, but the file definitely sticks around after we shut down when running in privacy mode.
|
||
Comment 4•13 years ago
|
||
Does Chrome have the same issue?
|
||
Comment 5•13 years ago
|
||
Since the file is stored in the user's application data I personally don't think this is too big of a deal. If the user is an admin then they will have access to all files anyway. If the user is a limited user account they will not have access to the file. Maybe this is more related to private browsing or something though?
|
||
Updated•2 years ago
|
Severity: normal → S3
| Comment hidden (spam) |
|
||
Updated•2 months ago
|
Attachment #9384248 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•