Firefox/Mozilla Demo: Reading local files via local HTML files
Giovanni Delvecchio points out that a Web server can enforce an "open with" dialog by specifying an unknown file type. If the user selects the to open the HTML document with the browser, this document will be downloaded and opened with the rights of a local file. According to Delvecchio, this affects Mozilla, Firefox and Opera. The following demo has been adapted to work with Mozilla and Firefox.
Local files cannot be read out directly from an external Web page. For this reason, this demo offers you the option of opening or saving an HTML file, which then reads out a local file on your system.
Linux: Open /etc/passwd.
You will then see a dialog window that asks you what you want to do with the file "cttest.html". Open the file either directly or after saving it with your browser.
If a window is displayed with the file content, the demo worked properly; the script would also have been able to send the file content to an external server. If no message is displayed, the demo failed. Users must decide themselves if reading out local files this way constitutes a security problem.