Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

[hackerone] local files #14642

Closed
diracdeltas opened this issue Jul 3, 2018 · 7 comments · Fixed by brave/muon#628
Closed

[hackerone] local files #14642

diracdeltas opened this issue Jul 3, 2018 · 7 comments · Fixed by brave/muon#628
Assignees
@darkdh
Labels
QA/checked-Linux QA/checked-macOS QA/checked-Win64 release/blocking release-notes/include security
Milestone
0.23.x Release 4 ...

Comments

@diracdeltas
Copy link
Member

https://hackerone.com/bugs?subject=brave&report_id=375329
@diracdeltas diracdeltas self-assigned this Jul 3, 2018
@diracdeltas
Copy link
Member Author

diracdeltas commented Jul 3, 2018
edited
Loading

Similar issue (still fixed): #4906

@diracdeltas diracdeltas mentioned this issue Jul 3, 2018
Closed
diracdeltas added a commit that referenced this issue Jul 3, 2018
@diracdeltas
Add (failing) test case for #14642
ec32633
@Metnew
Copy link

Metnew commented Jul 4, 2018
edited
Loading

That's not a regression of #4906. #4906 relies on allowFileAccessFromFileUrls, this bug relies on CORS in muon(electron).
Probably, the problem is somewhere here 😉

Not sure is it ok to provide more info in the public tracker

@diracdeltas
Copy link
Member Author

@Metnew thanks for the info :)

looks like the vulnerable code is also in https://github.com/electron/electron; you might be able to get a bounty from them too

@Metnew
Copy link

Metnew commented Jul 5, 2018

Cool, but does Electron have a bug bounty? I didn't know that, thanks)

darkdh added a commit to brave/muon that referenced this issue Jul 5, 2018
@darkdh
Handle file:// with net::FileProtocolHandler and don't covert brave://
2de0a20 
to file://

fix brave/browser-laptop#14642

Auditor: @bridiver
@darkdh darkdh mentioned this issue Jul 5, 2018
Merged
darkdh added a commit to brave/muon that referenced this issue Jul 5, 2018
@darkdh
Handle file:// with net::FileProtocolHandler and don't covert brave://
d7310e2 
to file://

credit the patch to @bridiver

fix brave/browser-laptop#14642

Auditor: @bridiver, @diracdeltas
@diracdeltas diracdeltas assigned darkdh and unassigned diracdeltas Jul 5, 2018
darkdh added a commit to brave/muon that referenced this issue Jul 6, 2018
@darkdh
Handle file:// with net::FileProtocolHandler and don't covert brave://
845d425 
to file://

credit the patch to @bridiver

fix brave/browser-laptop#14642

Auditor: @bridiver, @diracdeltas
This was referenced Jul 21, 2018
Closed
Closed
Closed
@srirambv
Copy link
Collaborator

@darkdh mind adding the test steps for the issue for verification

@darkdh
Copy link
Member

darkdh commented Jul 24, 2018

Will DM you the detail since this is the security issue

@btlechowski
Copy link
Contributor

btlechowski commented Jul 24, 2018
edited by LaurenWags
Loading

Verified on Ubuntu 17.10 x64

  • 0.23.70 e63c780
  • Muon 8.0.1
  • libchromiumcontent 68.0.3440.68

Verified on Windows 10 x64 using

  • 0.23.70 e63c780
  • Muon 8.0.1
  • libchromiumcontent 68.0.3440.68

Verified with macOS 10.12.6 using

  • 0.23.70 e63c780
  • Muon 8.0.1
  • libchromiumcontent 68.0.3440.68

@kjozwiak kjozwiak mentioned this issue Jul 31, 2018
Closed
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees

@darkdh darkdh

Labels
QA/checked-Linux QA/checked-macOS QA/checked-Win64 release/blocking release-notes/include security
Projects
None yet
Milestone
0.23.x Release 4 w/ Chromium 68 (Rele...
Development

Successfully merging a pull request may close this issue.

Handle file:// with net::FileProtocolHandler brave/muon
8 participants
@diracdeltas @alexwykoff @kjozwiak @Metnew @darkdh @srirambv @LaurenWags @btlechowski