X
Tap here to go to the mobile version of the site.

منتدى الدعم

Have a help file that has 3 clicks, contents, index, and search. A recent Firefox update disabled this functionality. This functionality still works in IE.

Posted

The question describes the problem

The question describes the problem
Attached screenshots

Chosen solution

Hi peterfairchild, Firefox 68+ contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info:

If your local help system uses scripts to change pages in frames, that would explain why it is affected. If it is unusable and critical to you, you could roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability:

If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attack page to find any valuable content using local file links.

Read this answer in context 1
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

More Information

jscher2000
  • Top 10 Contributor
8637 solutions 70648 answers

Chosen Solution

Hi peterfairchild, Firefox 68+ contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info:

If your local help system uses scripts to change pages in frames, that would explain why it is affected. If it is unusable and critical to you, you could roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability:

If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attack page to find any valuable content using local file links.

Hi peterfairchild, Firefox 68+ contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them '''from a file:// URL'''. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: * https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp * https://www.mozilla.org/security/advisories/mfsa2019-21/#CVE-2019-11730 If your local help system uses scripts to change pages in frames, that would explain why it is affected. If it is unusable and critical to you, you could roll back the patch as follows: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''uniq''' and pause while the list is filtered (3) Double-click the '''privacy.file_unique_origin''' preference to switch the value from true to false '''To mitigate the vulnerability:''' If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attack page to find any valuable content using local file links.
Was this helpful to you? 1
Quote

Question owner

Perfect! Thank you.

Peter

Perfect! Thank you. Peter
Was this helpful to you?
Quote
اطرح سؤالا

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.