Privacy leak in Windows file picker dialogs when selecting a URL in the open file field

NEW
Unassigned

Status

()

defect
8 years ago
8 years ago

People

(Reporter: jimm, Unassigned)

Tracking

Trunk
x86_64
Windows 7
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Reporter

Description

8 years ago
STR:

1) open a file picker
2) copy paste a url to a file on the web in the file name text edit
3) select ok

Windows will go out a download the file and place it in the IE cache, then return a local path to the file. The remains until the IE cache is cleared.
Reporter

Comment 1

8 years ago
Posted file test case
Reporter

Updated

8 years ago
Depends on: 711654
It really leaks? Is it possible to read the full path from the web page?
Reporter

Comment 3

8 years ago
(In reply to Masatoshi Kimura [:emk] from comment #2)
> It really leaks? Is it possible to read the full path from the web page?

I don't think we expose local paths to web pages, but the file definitely sticks around after we shut down when running in privacy mode.
Does Chrome have the same issue?
Since the file is stored in the user's application data I personally don't think this is too big of a deal.  

If the user is an admin then they will have access to all files anyway.  If the user is a limited user account they will not have access to the file. 

Maybe this is more related to private browsing or something though?
You need to log in before you can comment on or make changes to this bug.