Closed Bug 1279878 Opened 4 years ago Closed 3 years ago

CSV injection

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: anasroubi, Assigned: dkl)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160414065514

Steps to reproduce:

Make a new bug with the name [-2+3+cmd|' /C calc'!G2] (with out the squawker brackets ) the go to the  report and export it as CSV 
Open the CSV in Excel.
A warning will show up warning the user to disable execution unless he trusts the source of the file. The user may likely leave execution enable due to trusting the source. Click "enable".
A second warning will appear that states a similar message as the previous one ("only open if you trust the source..."). Click "yes"
The malicious code is executed - in this case it will just open the "calc" application. (Screenshot attached).


Actual results:

The -2+3+cmd|' /C calc'!G2 have made a commend in thw windows cmd


Expected results:

The -2+3+cmd|' /C calc'!G2 have made a commend in thw windows cmd
Group: firefox-core-security → bugzilla-security
Component: Untriaged → General
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Product: Firefox → bugzilla.mozilla.org
Version: 45 Branch → Production
Already fixed.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1259881
Re-opening because a bmo bug cannot be resolved duplicate of a bugzilla bug without any indication of if the change in question is resolved in bmo's codebase
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Resolution: DUPLICATE → ---
Attached patch 1279878_1.patchSplinter Review
Assignee: nobody → dkl
Status: REOPENED → ASSIGNED
Attachment #8766103 - Flags: review?(dylan)
Comment on attachment 8766103 [details] [diff] [review]
1279878_1.patch

Review of attachment 8766103 [details] [diff] [review]:
-----------------------------------------------------------------

r=dylan
Attachment #8766103 - Flags: review?(dylan) → review+
To https://github.com/mozilla-bteam/bmo.git
   7697add..19e2b19  master -> master
Status: ASSIGNED → RESOLVED
Closed: 4 years ago3 years ago
Resolution: --- → FIXED
Hi there 
is there any bounty for this vulnerability

Thanks
(In reply to Anas Roubi from comment #6)
> Hi there 
> is there any bounty for this vulnerability
> 
> Thanks

No. Due to the same reasons described in bug 1259881 comment 54.

dkl
You need to log in before you can comment on or make changes to this bug.