mailing list archives
Another flaw in Firefox 184.108.40.206: to open files from remote
From: miky () gmail com
Date: 18 Apr 2006 14:38:34 -0000
It is possible by a malicious web site to open local content in the browser by tricking a user into right-clicking and
choosing "View Image" on a broken image, which is referencing a local resource (e.g. via the file: URI handler).
This may be exploited in combination with other vulnerabilities.
The weakness has been confirmed in version 220.127.116.11. Other versions may also be affected.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:22.214.171.124)
A bug has been discovered by myself(TeamOverload) in Firefox
126.96.36.199(other versions are probably affected too). Through a
specially crafted webpage you can have any file be disguised as an
image. If you then right click-view image, the file will attempt to
download or just run if it is on the bypass list. Some extensions
such as .wma are defaulted like that and a malformed wma can be loaded
just by going to view image. Other websites can be loaded this way as
Steps to Reproduce:
1.Download attached archive that causes problem
2.Launch web page, and right click and choose show image on both
3.First image should open WindowsMediaPlayer and the second should go to a
different web page.
Both WMP and the alternate web page opened.
- Another flaw in Firefox 188.8.131.52: to open files from remote miky (Apr 18)