From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.6 i686) BuildID: 20010715 (I lied about BuildID since the problem is observable across any build so far from what I heard.) The browser should not blindly open and read file:/// URL. Instead, the browser should stat the pathname and decide to read only the ordinary file and directories, and ignore all th rest including the block and char and other device files. See the discussion on BugTraq that took place on July 16, 17, 18 of 2001. Reproducible: Always Steps to Reproduce: 1. Just try to access file:///dev/zero, file:///dev/console, etc.. 2. You will notice the apparent hung. 3. Repeatable all the time. Actual Results: The browser will get hung or worse sometimes keyboard input is no longer available, etc. Bad URL includes file:///dev/pty0 file:///dev/console file:///dev/tty0 file:///dev/zero file:///con file:///nul file:///prn file:///clock .. Please check the disucssion that took place on bugtraq during July 16-18, 2001. BugTraq mailing list archive is at www.securityfocus.com.
We have got it covered *** This bug has been marked as a duplicate of 69070 ***
VERIFIED: qa to me, -> file Most of the entry points for this should be blocked now... If you can still reproduce this, comment here, or mark this REOPENED.
REOPEN: I'm pulling all the "special file" bugs out of "checkURI" b/c I'm hoping to handle these problems in "file", esp since it sounds like we aren't doing everything properly.
RESOLVED/DUPE: mstoltz is considering fixing this so even if checkloadURI is off, we are safe. *** This bug has been marked as a duplicate of 91657 ***
VERIFIED: file: URL verification cleanup.