Tags: ssrf directorylisting xss
I noticed an issue: in Firefox, starting in Gecko 1.9, the file protocol's SOP restricts the files that can be read to those in the same directory or in a subdirectory.
But I just tested the challenge server:
(The content has been truncated)
It's ok to read /etc/passwd
The Firefox on the challenge server is version 67; it should ban the request to file:///etc/passwd, so why?