[Am-info] Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability

[Fred A. Miller]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
BugTraq ID: 4628
Remote: Yes
Date Published: Apr 30 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4628
Summary:

An issue exists in handling of HTTP redirects in the XMLHttpRequest objec=
t
used by Mozilla and Netscape 6.

The XMLHttpRequest object allows a client machine to obtain an XML
document through a HTTP request. Normally, security checks prevent this
object from directly accessing local files when the script is obtained
from an untrusted source, such as a remote web site.

A vulnerability exists when a request is made to a server via the method
XMLHttpRequest.Open()', and the response is a redirect. XMLHttpRequest
will automatically follow the redirect, and read the contents of the file=
=2E
The file contents are then accessible by the rest of the script code as
the responseText property, and may be transmitted to another website.

It has been reported that this issue also exists with the load method
applied to XML documents created with the createDocument method of the
DOMImplementation interface. This attack vector is available in Mozilla
1.0RC1.

This could lead to a disclosure of sensitive information to remote
attackers.

- --=20
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro---



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzW6qsACgkQB9vk4ichYXd1DgCgrQUsyMQE5RwdcPYx90/VqXgI
AqUAnA+bieZ2yC63acpsatACt0vyaYIC
=3DHcvT
-----END PGP SIGNATURE-----