Information about your favorite browser: news, articles and more.
Firefox AJAX Security Risk
Published June 29th, 2006 in All Categories, Exploits & Vulnerabilities, Firefox, Security
While developing Zlap I accidentally ran my test HTML file from my local machine. I was using the XMLHttpRequest(), commonly used in AJAX software, that is built into Firefox. The request I was making was to a PHP file that was also on my local machine and it returned the full contents of said file. Upon further examination I discovered I could pull any file from any directory and have it displayed on the machine. I also tried to replicate this after uploading the test file to my server; luckily, it failed.
What’s the big deal? I can’t remotely execute the file so we’re all safe. Well, sort of. If I can get you to open a perfectly safe HTML file on your machine I can access your entire system. That’s right, I can get the directory structure, the files and all the contents of those files.
Zabbey - Web Design and Solutions :: Firefox Security Flaw








