Open Bug 1475702 Opened 7 years ago Updated 2 years ago

[meta] Download protection should look inside archive files

Tracking

()

Status:

NEW

People

(Reporter: francois, Unassigned)

References

(Depends on 3 open bugs, Blocks 1 open bug)

Details

(Keywords: meta)

François Marier [:francois]

Reporter

Description

•

7 years ago

A few things to note about Chrome's implementation: - all decompressors are run in a separate "utility" process that is heavily sandboxed (and their parser code has been fuzzed too) - they also decompress the various aliases for .zip and .dmg (e.g. .iso, .dmgpart, etc.) -- list of aliases is in the Chromium source code - they don't recursively decompress files, but they consider a zip-within-a-zip suspicious and do a remote lookup for those

François Marier [:francois]

Reporter

Updated

•

7 years ago

Depends on: 1260856

François Marier [:francois]

Reporter

Updated

•

7 years ago

Depends on: 1167040

François Marier [:francois]

Reporter

Updated

•

7 years ago

No longer depends on: 1167040

François Marier [:francois]

Reporter

Updated

•

7 years ago

Depends on: 1475705

François Marier [:francois]

Reporter

Updated

•

7 years ago

Depends on: 1475706

François Marier [:francois]

Reporter

Updated

•

6 years ago

Depends on: 1480639

Sylvestre Ledru [:Sylvestre]

Updated

•

6 years ago

Keywords: meta

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[meta] Download protection should look inside archive files

Categories

(Toolkit :: Safe Browsing, enhancement, P3)

Tracking

()

People

(Reporter: francois, Unassigned)

References

(Depends on 3 open bugs, Blocks 1 open bug)

Details

(Keywords: meta)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated

Updated

Updated