RE: Disclosure of local file content in Mozilla Firefox and Opera
From: "Giovanni Delvecchio" <badpenguin79 () hotmail com>
Date: Mon, 06 Dec 2004 23:50:35 +0000
What you wrote is correct; indeed, I specified in my message:

Anyway it cannot be exploited "directly" by a remote site, but only if the
page is opened from a local path ( file://localpath/code.htm), since the
iframe belongs to a local domain.
Note: with Internet Explorer these PoCs don't work even in local.

My aim was to explain how a remote user could take advantage of this
I also illustrated a possible method of remote exploitation.
But at this point I have a question: if it is normal behavior, why can't I
reproduce this problem in MS Internet Explorer, even in the local zone?
Maybe a different implementation? IMHO it's strange.
This is not a vulnerability, it is expected behavior.
Mozilla shares the same zone design as IE which means that a file from the
local file zone can read any other file from the local file zone. You
cannot use this approach to read a local file from another zone such as the
Internet zone. From the Internet zone, you can also only read the content
of files from the same zone, same protocol and same domain.
I agree that Mozilla has implemented quite a lot of proprietary IE
extensions which it should not have done, however reading the innerHTML of
an element through document.all does not circumvent the traditional zone
security checks already in place.
Senior Security Researcher
23 Corporate Plaza #280
Newport Beach, CA 92660
thor () pivx com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
B5AB D1A4 D4FD 5731 89D6 20CD 5BDB 3D99 4207 AEE9
PivX defines a new genre in Desktop Security: Proactive Threat Mitigation.
Full-Disclosure - We believe in it.