Information disclosure though Windows file shares and shortcut files

ID MFSA2012-37
Type mozilla
Reporter Mozilla Foundation
Modified 2012-06-05T00:00:00


Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure.

This issue could potentially affect Linux machines with samba shares enabled.