Red Hat Bugzilla – Bug 145597
CAN-2005-0141 Link opened in new tab can load a local file
Last modified: 2007-11-30 17:07:06 EST
Mozilla Security Advisory MSA05-001
Title: Link opened in new tab can load a local file
Reporter: Jesse Ruderman
Fixed in: Firefox 1.0
Mozilla Suite 1.7.5
Links with a custom getter and toString method can bypass checks
intended to prevent web content from linking to local files and "chrome"
URIs if the user can be convinced to middle-click (or control-click)
to open it in a new tab.
The browser's "same-origin" policy prevents the attacker's content from
taking advantage of this flaw to read the local file or manipulate
This issue should also affect RHEL2.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.