Open Bug 1561026 Opened 4 months ago Updated 3 months ago

overrun of a stack-based buffer


(Firefox :: Installer, defect, P1, critical)

67 Branch





(Reporter: timpsullivan, Unassigned, NeedInfo)


(Keywords: crash)


(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

Steps to reproduce:

I upgraded Firefox and received an "overrun of a stack-based buffer" warning after I upgraded to 67.0.04.

Actual results:

I am attaching the screenshot of the error message.

Expected results:

I should not have received a security warning after upgrading Firefox, unless there was a security problem with the Firefox upgrade.

So you didn't just update Firefox from within Firefox? There would be no setup.exe involved in the normal upgrade process.

If this was our legitimate installer downloaded from and signed by us, then the good news is that all the input to the program is fixed as packaged by us, so there's no malicious content to take advantage of a stack overflow in this context. This is very different from running the browser itself or a similar internet connected program where it processes arbitrary and potentially malicious input from the internet.

Group: firefox-core-security
Severity: normal → critical
Component: Untriaged → Installer
Keywords: crash
Priority: -- → P1

Thanks for reporting this, it's certainly very odd. I don't think I've seen a message like that anywhere from any program, I'm not even sure what would have generated it, and we don't have much of our own native code in the installer, so a stack overflow anywhere is unlikely. What tool is that that you're using to handle these updates? I don't recognize it, and going through that might be important to reproducing this.

I'm also interested in whether or not if you run the installer as downloaded directly from you get the same result; would you mind trying that?

Flags: needinfo?(timpsullivan)