Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-1727

Source

Mozilla Foundation Security Advisory 2013-84

Same-origin bypass through symbolic links

Announced

September 17, 2013

Reporter

Takeshi Terada

Impact

Moderate

Products

Firefox

Fixed in

Firefox 24

Description

Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting (XSS) and access to locally stored Firefox files containing passwords and cookies.

This problem is specific to Firefox for Android.

References

Subverting Same-Origin Policy for Local Contents by Symbolic Link (CVE-2013-1727)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Same-origin bypass through symbolic links

Same-origin bypass through symbolic links

Description

References

Vulmon Search

About

Products

Connect