Open
Bug 1396030
Opened 7 years ago
Updated 10 months ago
Load PKCS#11 modules in isolated processes
Categories: Core :: Security: PSM, defect, P2
Status: NEW
Reporter: kmag
Assignee: Unassigned
Whiteboard: [psm-backlog]
With bug 1357391, PKCS#11 modules will become the easiest/only way for extensions to load native code into our privileged address space. I'm not sure how exploitable this is since bug 1299187, but it's still not a loophole that I'm happy opening. If there's a way to exploit it, I have no doubt that it will be exploited.
I talked to Keeler, and he thinks that loading PKCS#11 modules in isolated processes shouldn't be a lot of work. He even has a proof of concept:
https://github.com/mozkeeler/ooppkcs11
So perhaps it's time to prioritize this?
Comment 1•7 years ago
I think this is definitely a concern. Previously malware authors could just side-load add-ons into a user's profile. Now that we've raised the bar on that, the next easiest thing to do would be to modify the PKCS#11 module DB in a user's profile to load up a module at startup. Once that's accomplished, they can run arbitrary code in Firefox's process space. I realize that malware running locally is a hard threat to meaningfully defend against, but if I understand correctly that the purpose of requiring add-ons be signed was to raise the bar, we can and should keep going with doing the same for PKCS#11 modules.
Priority: -- → P2
Whiteboard: [psm-backlog]
Updated•6 years ago
See Also: → socket-proc
Updated•5 years ago
Updated•2 years ago
Severity: normal → S3
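Comment 1 names the PKCS#11 module DB in the user's profile as the place a local attacker would register a module to be loaded at startup. As an added example (not code from this bug or from Mozilla), the following audits such a DB and reports modules loaded from outside an allowlist. It assumes NSS's text-format `pkcs11.txt` layout (blank-line separated stanzas with `library=` and `name=` lines) and POSIX paths; the sample DB and the allowlist are constructed.

```python
import posixpath
import re

# Constructed sample of a text-format module DB; all paths are made up.
SAMPLE_DB = """\
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/u/.mozilla/firefox/abc.default' certPrefix=''

library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
name=OpenSC smartcard module

library=/home/u/.cache/libupdater.so
name=Helper
"""

# Hypothetical allowlist: directories third-party modules may be loaded from.
ALLOWED_DIRS = ("/usr/lib/", "/usr/lib64/")


def parse_modules(text):
    """Split the DB into blank-line separated stanzas of key=value lines."""
    modules = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in stanza.splitlines():
            if line.lstrip().startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            entry[key.strip().lower()] = value.strip()
        if entry:
            modules.append(entry)
    return modules


def unexpected_modules(text, allowed_dirs=ALLOWED_DIRS):
    """Return (name, library) for each external module outside the allowlist."""
    findings = []
    for mod in parse_modules(text):
        lib = mod.get("library", "")
        if not lib:  # empty library= is the built-in NSS module, not a file
            continue
        # Normalise first so "/usr/lib/../../tmp/x.so" cannot pass the check.
        if not posixpath.normpath(lib).startswith(allowed_dirs):
            findings.append((mod.get("name", "?"), lib))
    return findings


if __name__ == "__main__":
    print(unexpected_modules(SAMPLE_DB))
```

Relative library names are reported as well, since they resolve through the loader's search path rather than a fixed directory.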