Bug 1279878 - CSV injection (Closed)
Opened 8 years ago, closed 8 years ago
Categories: bugzilla.mozilla.org :: General, defect
Status: RESOLVED FIXED
People: Reporter: anasroubi, Assigned: dkl
Attachments (1 file): 1.09 KB, patch, dylan: review+
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160414065514

Steps to reproduce:
Make a new bug with the name [-2+3+cmd|' /C calc'!G2] (without the square brackets), then go to the report and export it as CSV. Open the CSV in Excel. A warning will show up warning the user to disable execution unless he trusts the source of the file. The user may likely leave execution enabled due to trusting the source. Click "enable". A second warning will appear that states a similar message as the previous one ("only open if you trust the source..."). Click "yes". The malicious code is executed; in this case it will just open the "calc" application. (Screenshot attached.)

Actual results:
The -2+3+cmd|' /C calc'!G2 has made a command in the Windows cmd.

Expected results:
The -2+3+cmd|' /C calc'!G2 has made a command in the Windows cmd.
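The defensive side of the report above, as an added example that is not part of this bug or of the bmo patch (the patch itself is not shown on this page): a Python CSV exporter that disarms cells a spreadsheet would evaluate as formulas, including the summary used in the report. `export_bugs_csv`, `read_csv` and the field names are assumptions for illustration, not Bugzilla's own code.

```python
import csv
import io
import re

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula
# instead of displaying it as text. Tab and carriage return are included because
# a cell beginning with them followed by "=" is still evaluated by some versions.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# A plain signed number such as "-5" or "+3.25" is harmless and should stay numeric.
_PLAIN_NUMBER = re.compile(r"^[-+]?\d+(\.\d+)?$")

def is_formula_like(value):
    """True if a spreadsheet would interpret the text as a formula."""
    text = value.lstrip(" ")  # "  =1+1" still evaluates, so skip leading spaces
    return text.startswith(FORMULA_TRIGGERS) and not _PLAIN_NUMBER.match(text)

def neutralize_cell(value):
    """Disarm one cell for CSV export.

    A leading single quote makes the spreadsheet treat the cell as literal text;
    it is not the CSV quote character, so the csv module leaves it unchanged.
    """
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text

def export_bugs_csv(rows, fieldnames):
    """Serialise bug rows (list of dicts) to CSV text with every cell disarmed.

    The csv module doubles any embedded double quote, so a value cannot close a
    quoted field early and start a formula in the following cell.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({name: neutralize_cell(row.get(name)) for name in fieldnames})
    return buf.getvalue()

def read_csv(text):
    """Parse CSV text back into rows, i.e. what the spreadsheet would import."""
    return list(csv.reader(io.StringIO(text)))

if __name__ == "__main__":
    # Constructed sample row: the summary is the payload from the report above.
    bugs = [{"id": 1279878, "summary": "-2+3+cmd|' /C calc'!G2", "status": "RESOLVED"}]
    print(export_bugs_csv(bugs, ["id", "summary", "status"]))
```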
Updated•8 years ago
Group: firefox-core-security → bugzilla-security
Component: Untriaged → General
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Product: Firefox → bugzilla.mozilla.org
Version: 45 Branch → Production
Comment 1•8 years ago
Already fixed.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Comment 2•8 years ago
Re-opening because a bmo bug cannot be resolved duplicate of a bugzilla bug without any indication of if the change in question is resolved in bmo's codebase
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Resolution: DUPLICATE → ---
Assignee
Comment 3•8 years ago
Comment 4•8 years ago
Comment on attachment 8766103 [details] [diff] [review]
1279878_1.patch

Review of attachment 8766103 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan
Attachment #8766103 -
Flags: review?(dylan) → review+
Assignee
Comment 5•8 years ago
To https://github.com/mozilla-bteam/bmo.git 7697add..19e2b19 master -> master
Status: ASSIGNED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
Reporter
Comment 6•8 years ago
Hi there, is there any bounty for this vulnerability? Thanks
Assignee
Comment 7•8 years ago
(In reply to Anas Roubi from comment #6)
> Hi there
> is there any bounty for this vulnerability
>
> Thanks

No. Due to the same reasons described in bug 1259881 comment 54.

dkl