Firefox local file disclosure and same-origin policy bypass - vulnerability warning - the black bar safety net

ID MYHACK58:62201677515
Type myhack58
Reporter Anonymous
Modified 2016-08-02T00:00:00


Security researchers found that an attacker can use the "Save Page As" function offered by the Firefox browser to read any file stored on the target user's computer. The attacker can also use this mechanism to obtain data from external web servers. This is possible because of a built-in Firefox behaviour: a file loaded from a file URI is allowed to access all other files in the directory where it is located. The researchers found that the developers added this deliberately. It is worth noting that Google's Chrome browser has a similar feature, but it cannot read files stored on the server host, so Google does not consider this a security vulnerability.

Proof-of-concept example

The code below is the vulnerability verification code that the security researchers first submitted: [image: proof-of-concept code]

When a page's source uses an element such as a link tag to reference a web page or a local resource, the Firefox browser will generally block this type of request. However, when the user saves that page locally, the "Save Page As" function does not make the browser verify the legitimacy of the files it downloads, so once the user saves the page, their safety cannot be guaranteed.

When the file download completes, the files are placed in a folder whose name is predetermined: the page title plus _files. This also means that we can, without any restriction, read local documents stored on the target host and load data from external web servers.
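An added example, not part of the original advisory and not the researchers' proof of concept: a defensive check that parses a page's HTML before it is saved, lists sub-resource references that point at local files, and reports the `_files` folder name described above. The tag and attribute lists, the function names and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Elements whose URL attributes are fetched as sub-resources (a plain <a href> is not).
RESOURCE_TAGS = {"link", "script", "img", "iframe", "embed", "object", "source"}
URL_ATTRS = {"href", "src", "data", "poster"}
# file: URIs and Windows drive paths such as C:\... or C:/...
LOCAL_REF = re.compile(r"^(file:|[a-z]:[\\/])", re.IGNORECASE)


class SavePageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.title = ""
        self.findings = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        if tag in RESOURCE_TAGS:
            for name, value in attrs:
                if name in URL_ATTRS and value and LOCAL_REF.match(value.strip()):
                    self.findings.append((tag, name, value.strip()))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit(html):
    """Return (expected save folder, [(tag, attribute, url), ...])."""
    parser = SavePageAudit()
    parser.feed(html)
    return parser.title.strip() + "_files", parser.findings

# Constructed sample page, not the researchers' proof of concept.
SAMPLE = """<html><head><title>Quarterly report</title>
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="file:///home/user/notes.txt">
</head><body><img src="https://example.com/logo.png"><a href="file:///tmp/x">hyperlink</a>
<iframe src="C:\\Users\\user\\secret.txt"></iframe></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any finding means the page asks the browser to pull a local file into the saved copy, which is a reason not to save it or to inspect the `_files` folder afterwards.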

[Screenshot: analysis results]