Closed Bug 1287372 Opened 8 years ago Closed 8 years ago

Clear-text credentials in browser memory

Categories

(Firefox :: Untriaged, defect)

50 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 298539

People

(Reporter: research, Unassigned)

Attachments

(1 file)

Attached video firefox.mp4
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36

Steps to reproduce:

We would like to report something that we consider a vulnerability in your browser. We have identified that sensitive data entered in the browser remains in clear-text in memory, even after the data has been sent to the server and the tab has been closed by the user. This allows anyone who can get his/her hands on a memory dump of your browser process to harvest this data. It could be abused for sensitive data theft by e.g. malware, law enforcement, ...


Actual results:

We were able to extract plaintext sensitive data from memory dumps using a Volatility plugin we wrote as a proof of concept for this vulnerability.


Expected results:

Going forward, we recommend mitigating this issue by ensuring that you overwrite sensitive data in memory with zeroes as soon as possible, to prevent even freed sensitive data from remaining available in memory. Generally, this can be done after the data has been sent to the server.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
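
The mitigation the report recommends (zero the data once it has been sent, before the memory is freed), sketched as an added C example that is not part of the bug report or of Firefox's code. The names `secret_buf`, `secure_wipe`, `submit`, `residual_bytes` and `secret_release` are hypothetical, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *data; size_t cap; } secret_buf;

/* Write zeroes through a volatile pointer: a plain memset() right before
 * free() is a dead store the optimizer is allowed to delete. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Copy the secret into a buffer we own, so we know its full extent. */
static int secret_init(secret_buf *s, const char *value) {
    s->cap = strlen(value) + 1;
    s->data = malloc(s->cap);
    if (s->data == NULL) { s->cap = 0; return -1; }
    memcpy(s->data, value, s->cap);
    return 0;
}

/* Hypothetical stand-in for sending the form data to the server. */
static size_t submit(const secret_buf *s) { return strlen(s->data); }

/* Number of bytes in the buffer that still hold non-zero data. */
static size_t residual_bytes(const secret_buf *s) {
    size_t i, n = 0;
    for (i = 0; i < s->cap; i++) n += (s->data[i] != 0);
    return n;
}

/* Wipe the whole capacity (not just strlen), then free. */
static void secret_release(secret_buf *s) {
    if (s->data != NULL) { secure_wipe(s->data, s->cap); free(s->data); }
    s->data = NULL;
    s->cap = 0;
}

int main(void) {
    secret_buf pw;
    if (secret_init(&pw, "constructed-sample-password") != 0) return 1;
    printf("sent %zu bytes\n", submit(&pw));
    secure_wipe(pw.data, pw.cap);             /* as soon as it is sent */
    printf("residual bytes: %zu\n", residual_bytes(&pw));
    secret_release(&pw);
    return 0;
}
```

Wiping only covers the buffer you hold: any copy made along the way (a reallocation, a string conversion, an I/O layer's own buffer) stays in memory until it gets the same treatment.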