Closed Bug 1351722 Opened 7 years ago Closed 7 years ago

Possible content injection via console leading to code execution

Categories

(Firefox :: Untriaged, defect)

52 Branch
defect
Not set
normal

Tracking


RESOLVED DUPLICATE of bug 1319080

People

(Reporter: dkdmd18, Unassigned)

Details

Attachments

(1 file)

Attached image firefox.JPG
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

On version 52 of Firefox, I was trying the Harlem Shake XSS and also trying to launch executables from my Windows directory in the Inspect Element window -> Console.

The payload I entered is: f=Components.classes['@mozilla.org/file/local;1'].createInstance(Components.interfaces.nsILocalFile);f.initWithPath('c:\\Windows\\System32\\calc.exe');f.launch()



Actual results:

The calculator executable popped up after I hit Run in the console.


Expected results:

The executable file should not have blindly been executed and the action should have been blocked.
The screenshot is using Firebug, but there's a dupe for the same issue in the built-in console.

If you think this is a problem in Firebug, please file a bug in Firebug's bugtracker (not this one).
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
