Closed Bug 1335845 (CVE-2022-34483) Opened 8 years ago Closed 2 years ago

Image Drag and Drop Remote Code Execution

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect)

Product:
Core
Component:
DOM: Copy & Paste and Drag & Drop
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
102 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox100 --- wontfix
firefox101 --- wontfix
firefox102 --- fixed

People

(Reporter: dveditz, Assigned: enndeakin)

References

Details

(Keywords: csectype-spoof, sec-moderate, Whiteboard: [ iDefense V-92zvysquci][adv-main102+])

Attachments

(1 file, 2 obsolete files)

advisory.txt
436 bytes, text/plain
Details 
iDefense VCP Submission V-92zvysquci
02/01/2017
Mozilla Firefox Image Drag and Drop Remote Code Execution Vulnerability (iDefense Zero Day)

Description: 
Remote exploitation of a design error vulnerability in the Mozilla Foundation's Firefox could allow an attacker to execute arbitrary code on the targeted host. 

*** A design error vulnerability exists in Firefox. Mozilla Firefox allows the creation of unsafe files on a host when performing drag and drop operations on images embedded in a webpage.

Analysis: 
Exploitation of this vulnerability allows the attacker to execute arbitrary code on the target. Exploitation requires that attackers social engineer victims into viewing a malicious Web page. To exploit this issue, an attacker must convince an user into performing a drag and drop operation on an image with a specially crafted file name with two extensions to the local file system. Firefox truncates characters from the final filename when the image's file name is longer than 128 characters. This could lead to arbitrary code execution when the user opens the created file.
iDefense considers this vulnerability to be of MEDIUM severity due to the need for social engineering and user interaction.

Credit: 
Eduardo Braun Prado
Keywords: csectype-spoof, sec-moderate

This should have been fixed at least by 1746052.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Assignee: nobody → enndeakin
Group: dom-core-security → core-security-release
status-firefox100: --- → wontfix
status-firefox101: --- → wontfix
status-firefox102: --- → fixed
status-firefox-esr91: --- → wontfix
Depends on: 1746052
Target Milestone: --- → 102 Branch
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Whiteboard: [ iDefense V-92zvysquci] → [ iDefense V-92zvysquci][adv-main102+]
Attached file advisory.txt (obsolete) —
Attached file advisory.txt (obsolete) —
Attachment #9282668 - Attachment is obsolete: true
Attached file advisory.txt
Attachment #9282673 - Attachment is obsolete: true
Alias: CVE-2022-34483
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: