Closed Bug 848058 Opened 9 years ago Closed 9 years ago
Local path disclosure in FCKeditor on wiki
Bug 847992 reported an XSS in FCK editor on wiki.mozilla.org. However, I also noticed that it has an overly verbose error message in the page which could be useful for an attacker:

Error executing `"C:\Program Files\Aspell\bin\aspell.exe" -a --lang=en_US --encoding=utf-8 -H --rem-sgml-check=alt < /tmp/aspell_data_2Yz5Gp 2>&1`\nsh: C:\Program Files\Aspell\bin\aspell.exe: command not found

The page is: https://wiki.mozilla.org/extensions/FCKeditor/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php

If I had to guess, I would say that the data posted to this script is written to a temp file, the location of which is disclosed by this error message (/tmp/aspell_data_2Yz5Gp).

This information, while on its own isn't really that useful to an attacker, could be leveraged as part of other attacks. Also, the code doesn't work (I'm guessing since there is a mix of Linux and Windows file paths), so if it's unused, hopefully we can just remove it, which would also solve bug 847992.
This extension seems to have been removed, so this bug is fixed as well as Bug 847992.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
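For a deployment that still needs a server-side spell check, the disclosure described in this bug can be avoided by keeping the command line, temp file and stderr out of the response. The sketch below is an added example, not FCKeditor's or Mozilla's code; the function names, the `/usr/bin/aspell` path and the reference-id scheme are assumptions, and only the aspell flags are taken from the error message above.

```php
<?php
// Added example (hypothetical helper names). Requires PHP >= 7.4 for the
// array form of proc_open(), which starts the program without a shell.

function run_spellcheck(string $text, string $aspell = '/usr/bin/aspell'): array
{
    // Flags as shown in the leaked error message; the binary path is an assumption.
    $cmd = [$aspell, '-a', '--lang=en_US', '--encoding=utf-8', '-H', '--rem-sgml-check=alt'];

    // Temp files are passed as open handles, so their names never appear
    // on a command line or in anything echoed back to the client.
    $in  = tmpfile();
    $err = tmpfile();
    if ($in === false || $err === false) {
        return spellcheck_failure('tmpfile() failed');
    }
    fwrite($in, $text);
    fflush($in);
    rewind($in);

    // stdin and stderr are files, stdout is the only pipe: no pipe deadlock.
    $proc = @proc_open($cmd, [0 => $in, 1 => ['pipe', 'w'], 2 => $err], $pipes);
    if (!is_resource($proc)) {
        return spellcheck_failure("could not start $aspell");
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    if ($exit !== 0) {
        rewind($err);
        $detail = trim((string) stream_get_contents($err));
        return spellcheck_failure("exit=$exit stderr=$detail");
    }
    return ['ok' => true, 'output' => $out];
}

function spellcheck_failure(string $detail): array
{
    // Full detail goes to the server log only; the client gets a generic
    // message plus a random reference an administrator can search for.
    $ref = bin2hex(random_bytes(4));
    error_log("spellcheck[$ref]: $detail");
    return ['ok' => false, 'message' => "Spell checking is unavailable (ref $ref)."];
}
```

Setting `display_errors = Off` in production covers the remaining case where PHP itself would print a warning containing paths.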