Closed
Bug 1136413
Opened 9 years ago
Closed 9 years ago
Firefox installer ignores user-defined installation directory for maintenance service
Categories: Firefox :: Installer, defect
Status: VERIFIED INVALID
People: Reporter: stefan.kanthak, Unassigned
Attachments (1 file): 324 bytes, text/plain
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20150105205548

Steps to reproduce:

User-defined installation of Firefox 36, giving D:\Programs\Mozilla\Firefox\ as installation directory

Actual results:

Firefox was installed into the user-defined directory, but the maintenance service into "%ProgramFiles%\Mozilla Maintenance Service" without asking the user for consent or even informing about the installer's ignorance. THIS IS NOT ACCEPTABLE!

Expected results:

All components must be installed into the user-defined directory. Same bug exists in Thunderbird, see 871095.
Comment 1•9 years ago (Reporter)
Updated•9 years ago
Component: Untriaged → Installer
Comment 2•9 years ago
That is intentional since the service runs as the system and could be exploited.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Comment 3•9 years ago (Reporter)
Thanks once again for the verification that you don't have the slightest clue how defective your product is!

MKLINK /H "%ProgramFiles%\mozilla maintenance service" "%USERPROFILE%\desktop\mms"
maintenanceservice_installer.exe

installs the service into the exploitable location "%USERPROFILE%\desktop\mms"!
Status: RESOLVED → VERIFIED
Comment 4•9 years ago
If you have a way to exploit this please file a security bug.
Comment 5•9 years ago
(In reply to Stefan Kanthak from comment #3)
> Thanks once again for the verification that you don't have the slightest clue
> how defective your product is!
>
> MKLINK /H "%ProgramFiles%\mozilla maintenance service"
> "%USERPROFILE%\desktop\mms"
> maintenanceservice_installer.exe
>
> installs the service into the exploitable location
> "%USERPROFILE%\desktop\mms"!

Also, don't you have to run as admin in order to create the link?
Comment 6•9 years ago
Also, there are lots of applications that have installers that install shared files, components, etc. into other locations than the application directory. The maintenance service is shared.
Comment 7•9 years ago (Reporter)
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #6)
> Also, there are lots of applications that have installers that install
> shared files, components, etc. into other locations than the application
> directory. The maintenance service is shared.

bug #1: shared components have to be installed into "%CommonProgramFiles%\<vendor>\<component>"
See the 20+ year old "Designed for Windows" guidelines and fix your bug.

JFTR: what about NSS, Gecko and all the other shared components of the various Mozilla products? OUCH!

bug #2: the installer fails to set the proper NTFS ACLs to protect the service against exploitation. FIX IT!
Comment 8•9 years ago (Reporter)
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #5)
> (In reply to Stefan Kanthak from comment #3)
> > Thanks once again for the verification that you don't have the slightest clue
> > how defective your product is!
> >
> > MKLINK /H "%ProgramFiles%\mozilla maintenance service"
> > "%USERPROFILE%\desktop\mms"
> > maintenanceservice_installer.exe
> >
> > installs the service into the exploitable location
> > "%USERPROFILE%\desktop\mms"!
> Also, don't you have to run as admin in order to create the link?

It's a junction; (not only) this type of a reparse point can be created without ANY privileges.
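The two concerns raised in comments 7 and 8 (a reparse point somewhere in the service's install path, and a directory ACL that lets unprivileged users write where a SYSTEM service executes from) can be audited on an installed machine. The following PowerShell script is an added example, not part of this bug report or of Mozilla's installer; the default directory is the one named in this bug, and the list of broad principals is an assumption to extend for your environment.

```powershell
# Added audit script; not part of this bug report or of Mozilla's installer.
# Checks a service's install directory for the two problems raised in this thread:
# a reparse point (junction, symlink) anywhere in the path, and a DACL that lets
# unprivileged principals write into a directory a SYSTEM service executes from.
function Test-ServiceDirHardening {
    param(
        # Default is the location named in this bug; the directory must exist.
        [string]$ServiceDir = (Join-Path $env:ProgramFiles 'Mozilla Maintenance Service')
    )
    $findings = @()

    # 1. Walk the directory and every ancestor. A reparse point on any of them means
    #    the path can be redirected by whoever controls that link, regardless of ACLs.
    $node = Get-Item -LiteralPath $ServiceDir -ErrorAction Stop
    while ($null -ne $node) {
        $isReparse = ([int]$node.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -ne 0
        if ($isReparse) { $findings += "reparse point in path: $($node.FullName)" }
        $node = $node.Parent
    }

    # 2. Inspect the DACL for write-class rights granted to broad principals.
    #    Principal list is an assumption; extend it for locale-specific account names.
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
               'NT AUTHORITY\INTERACTIVE', 'CREATOR OWNER')
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $acl = Get-Acl -LiteralPath $ServiceDir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broad -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "write-class access for $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
        }
    }

    # Empty result means both checks passed for this directory.
    return ,$findings
}

$result = Test-ServiceDirHardening
if ($result.Count -eq 0) { 'OK: no reparse point in path, no broad write access' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated or standard prompt on the machine where the service is installed; any FINDING line is a directory that should be recreated as a real directory under Program Files with an administrators-only write ACL.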
Updated•9 years ago
Group: core-security
Updated•9 years ago
Group: core-security