Open
Bug 712335
Opened 14 years ago
Updated 1 year ago
Privacy leak in Windows file picker dialogs when selecting a URL in the open file field
Categories
(Core :: Widget: Win32, defect)
Tracking
()
NEW
People
(Reporter: jimm, Unassigned)
References
Details
Attachments
(1 file, 1 obsolete file)
|
311 bytes,
text/html
|
Details |
STR:
1) open a file picker
2) copy paste a url to a file on the web in the file name text edit
3) select ok
Windows will go out a download the file and place it in the IE cache, then return a local path to the file. The remains until the IE cache is cleared.
|
Reporter | |
Comment 1•14 years ago
|
||
|
||
Comment 2•14 years ago
|
||
It really leaks? Is it possible to read the full path from the web page?
|
|
Reporter | |
Comment 3•14 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #2)
> It really leaks? Is it possible to read the full path from the web page?
I don't think we expose local paths to web pages, but the file definitely sticks around after we shut down when running in privacy mode.
|
||
Comment 4•14 years ago
|
||
Does Chrome have the same issue?
|
||
Comment 5•14 years ago
|
||
Since the file is stored in the user's application data I personally don't think this is too big of a deal.
If the user is an admin then they will have access to all files anyway. If the user is a limited user account they will not have access to the file.
Maybe this is more related to private browsing or something though?
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Updated•1 year ago
|
Attachment #9384248 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•