lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 8 Aug 2013 18:14:55 +0300
From: Georgi Guninski <>
Subject: Re: [ MDVSA-2013:210 ] firefox

On Wed, Aug 07, 2013 at 04:48:22PM +0300, Georgi Guninski wrote:
> On Wed, Aug 07, 2013 at 12:36:01PM +0200, wrote:
> >  
> >  Security researcher Georgi Guninski reported an issue with Java
> Just to clarify:  I haven't report _any_ "issues" to mozilla
> since years...
> They are not fast in fixing bugs, especially when involving
> other vendors.
> If I get pissed off, will try to find the dates about
> the "issue" in question (suspect since at least 4 years).

looks like it's more than 4 years...

from their advisory appears it is bug #406541.

Here it is:

Date: Mon, 3 Dec 2007 01:43:10 -0800
Subject: [Bug 406541] New:
        local java applet may read arbitrary files under certain circumstances

Do not reply to this email.  You can add comments to this bug at

           Summary: local java applet may read arbitrary files under certain
           Product: Firefox
           Version: Trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: --
         Component: Security
         QAContact: firefox@...urity.bugs

Created an attachment (id=291181)
 --> ( - compiled a1.class must be saved in

recent trunk has restrictions on what local html can access

in bug 402998 Comment #8 someone with email asked to "post a test" for
local applet circumventing restrictions.

it is like beating a death horse, but here it is:

if the path of the locally saved applet is known at applet compile time, the
applet can read any file.

note that if the luser saves files in a single directory, a two stage attack
may be successful with high probability.

suppose the applet is saved in directory:

it should be instantiated like this:
<applet codebase="file:///"

and the applet should contain:
 * This is the path to the applet filename:
 * */
package tmp.DumbUglyB1llMarriedDumbUglyB1tch;
public class a1 extends Applet {

Configure bugmail:

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists