Closed Bug 1619103 Opened 5 years ago Closed 5 years ago

I found a bug (security vulnerability) in browser that can compromise devices, laptops, mobiles etc

Categories

(Firefox :: Untriaged, defect)

73 Branch
defect
Not set
normal

RESOLVED INCOMPLETE

People

(Reporter: pidfjain, Unassigned)

Details

(Keywords: reporter-external)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0

Steps to reproduce:

Visit this or any similar website used for hackers; website: https://www.y2mate.com/youtube/oQnqWAEReoY . Then click to download any video/item.

Actual results:

The hacker (Website) after downloading any video/item opens a new tab automatically & redirects url to different sites & runs a malicious code that can compromise computers, mobiles etc.

On a laptop I tested the malware: The code gets inside the Temp folder & RAM. When we delete the temp folder, the program/malicious code is not deleted from RAM, so it again gets into the temp folder without getting installed in C-Drive like other applications. If we format & reinstall C-Drive from Windows OS, the code from RAM again infects the temp folder. Thus it is difficult to detect & it is also difficult to remove.

Website: https://www.y2mate.com/youtube/oQnqWAEReoY
Issues: Out-of-limit memory access in transmissions AND allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Plus many other issues seen.

Expected results:

Malware is installed without user permission in temp folder & RAM usually missed by anti virus, windows defender etc.

The linked website is really bad and full of misleading advertising with bad patterns to get your attention and click on wrong stuff, but I cannot reproduce any kind of memory safety issue. As it so happens, these advertisements depend heavily on who is visiting the website and when. For me, I only get advertisements in the local language, so I cannot reproduce.

Maybe you can try reproducing with a nightly ASan build (note the hardware requirements!): https://firefox-source-docs.mozilla.org/tools/sanitizer/asan_nightly.html
If you can find an address sanitizer (ASan) error, please attach it to a new bug using the form at https://bugzilla.mozilla.org/form.client.bounty

Thank you!

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

"incomplete" is perhaps better. The site does appear to be serving a bunch of shady stuff. So far we've only seen legal web code used in abusive ways. It's not hard to believe that if they did have a 0-day they might also serve that, but without capturing a copy of the site in that state there isn't (yet?) a specific flaw being reported in this bug. If you can capture the malicious (perhaps with a logging proxy?) we can reopen this bug and the bounty nomination you mailed us about.

Flags: sec-bounty-
Resolution: INVALID → INCOMPLETE
Group: firefox-core-security
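
One way to turn a logging-proxy capture into evidence that can be attached to a bug, as an added example that is not part of the original report or Mozilla's tooling: it assumes the capture was saved in HAR 1.2 format (which browser developer tools and many logging proxies can export), walks the recorded HTTP redirect chain from the page that was clicked, and hashes each response body. All hosts, paths and bodies in the sample are constructed.

```python
import base64
import hashlib
import json
from urllib.parse import urljoin

def _entry(url, status, redirect="", body=b""):
    """Build one HAR-style entry (helper for the constructed sample only)."""
    return {"request": {"method": "GET", "url": url},
            "response": {"status": status, "redirectURL": redirect,
                         "content": {"mimeType": "text/html", "encoding": "base64",
                                     "text": base64.b64encode(body).decode()}}}

# Constructed sample capture; hosts, paths and bodies are made up.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    _entry("https://downloader.example/get?v=1", 302, "https://ads.example/r?id=7"),
    _entry("https://ads.example/r?id=7", 302, "/landing"),
    _entry("https://ads.example/landing", 200, body=b"<html>landing</html>"),
    _entry("https://cdn.example/unrelated.js", 200, body=b"void 0;"),
]}})

def body_bytes(content):
    """Return the recorded response body as raw bytes."""
    text = content.get("text") or ""
    if content.get("encoding") == "base64":
        return base64.b64decode(text)
    return text.encode("utf-8")

def redirect_chain(har_text, start_url, max_hops=20):
    """Follow redirects recorded in the capture, starting at start_url.

    Only hops recorded in redirectURL (the Location header) are followed;
    script-driven navigations (new tabs, location changes) show up as
    separate entries and still need manual review.
    """
    by_url = {}
    for entry in json.loads(har_text)["log"]["entries"]:
        by_url.setdefault(entry["request"]["url"], entry)  # first request wins
    chain, seen, url = [], set(), start_url
    while url in by_url and url not in seen and len(chain) < max_hops:
        seen.add(url)
        resp = by_url[url]["response"]
        body = body_bytes(resp.get("content", {}))
        chain.append({"url": url, "status": resp["status"], "size": len(body),
                      "sha256": hashlib.sha256(body).hexdigest()})
        if not resp.get("redirectURL"):
            break
        url = urljoin(url, resp["redirectURL"])  # Location may be relative
    return chain
```
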