Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Disclosure of local file content in Mozilla Firefox and Opera
From: "Giovanni Delvecchio" <badpenguin79 () hotmail com>
Date: Mon, 06 Dec 2004 23:50:35 +0000

Which you wrote is correct, indeed i have specified in my message:

Anyway it cannot be exploited "directly" by a remote site, but only if the page is opened from a local path ( file://localpath/code.htm), since the iframe belongs to a local domain.

Note: with Internet Explorer these PoCs doesn't work even in local.

My target was explain how a remote user could take advantage by this feature.
I illustrated also a possible method of remote exploitation.

But at this point i have a question: if it is a normal behavior, why in Ms Internet Explorer i cannot reproduce this problem even in local zone?
Maybe different implementation? IMHO it's strange.


Regards,
Giovanni Delvecchio



This is not a vulnerability, it is expected behavior.

Mozilla shares the same zone design as IE which means that a file from the local file zone can read any other file from the local file zone. You cannot use this approach to read a local file from another zone such as the Internet zone. From the Internet zone, you can also only read the content of files from the same zone, same protocol and same domain.

I agree that Mozilla has implemented quite a lot of proprietary IE extensions which it should have not done, however reading the innerHTML of an element through document.all does not circumvent the traditional zone security checks already in place.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9

PivX defines a new genre in Desktop Security: Proactive Threat Mitigation.
<http://www.pivx.com/qwikfix>



_________________________________________________________________
Scarica gratuitamente MSN Toolbar! http://toolbar.msn.it/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault