Open Bug 712335 Opened 9 years ago Updated 9 years ago
Privacy leak in Windows file picker dialogs when selecting a URL in the open file field
STR: 1) open a file picker 2) copy paste a url to a file on the web in the file name text edit 3) select ok Windows will go out a download the file and place it in the IE cache, then return a local path to the file. The remains until the IE cache is cleared.
It really leaks? Is it possible to read the full path from the web page?
(In reply to Masatoshi Kimura [:emk] from comment #2) > It really leaks? Is it possible to read the full path from the web page? I don't think we expose local paths to web pages, but the file definitely sticks around after we shut down when running in privacy mode.
Does Chrome have the same issue?
Since the file is stored in the user's application data I personally don't think this is too big of a deal. If the user is an admin then they will have access to all files anyway. If the user is a limited user account they will not have access to the file. Maybe this is more related to private browsing or something though?
You need to log in before you can comment on or make changes to this bug.