Closed
Bug 1509200
Opened 6 years ago
Closed 6 years ago
Firefox passes uninitialized memory to Windows authentication API (maybe?)
Categories
(Firefox :: WebPayments UI, defect)
Firefox
WebPayments UI
Tracking
()
RESOLVED
DUPLICATE
of bug 1508936
People
(Reporter: pauljt, Unassigned)
References
Details
Attachments
(1 file)
12.32 KB,
image/png
|
Details |
I have a test case which reliably seems to pass memory to the Windows API responsible for showing OS authentication prompts. I doubt its an exploitable security issue, but its a concerning state. I'm leaving this public, as we are not shipping this API yet, so currently it poses no risk (but it might once its shipped, depending on what is actually going on here). STR: 1. Load https://misuse.co/t/pay/testcase.html 2. click the button, and enter details and hit pay 3. you will see an auth prompt with garbled text Expected: Not garbled text. Actual: See attachment
Reporter | ||
Updated•6 years ago
|
Group: firefox-core-security
Comment 2•6 years ago
|
||
Could we dupe to the public bug 1508936?
Reporter | ||
Comment 3•6 years ago
|
||
Yeh its probably fine, was just being overly cautious.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•1 year ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•