FF92.01 does not handle MHT files properly (possible security risk)
Categories
(Firefox :: File Handling, defect)
Tracking
()
People
(Reporter: ard1947, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Steps to reproduce:
Requested an email to display in Browser, with FF92 set as default app to do so.
Actual results:
Multiple tabs creation loop, had to close browser. I then lost all my previous session tabs.
Expected results:
Ideally, FF should either render the MHT file properly, OR if it cannot, then at least put a warning out that "This file type is not supported, try WORD or equivalent." I KNOW this was reported with BUG 1718681, BUT I feel that the closure response on that was rather poor and irresponsible, with it still attempting to open the (as yet unsupported) file type. It is a potential security risk (buffer or memory overflows, ability to crash the browser and access information, by using specially crafted payloads, malware injection etc).
|
Reporter | |
Comment 1•3 years ago
|
||
About:support details for review if needed.
|
|
Reporter | |
Comment 2•3 years ago
|
||
Background info on the security risk side:
https://hackercombat.com/malformed-mht-file-in-internet-explorer-may-lead-to-file-theft/
|
||
Comment 3•3 years ago
|
||
this is a very old and well-understood problem, and tracking it yet another time is not necessary.
|
|
||
Comment 4•3 years ago
|
||
(In reply to Tony Davis from comment #2)
Background info on the security risk side:
https://hackercombat.com/malformed-mht-file-in-internet-explorer-may-lead-to-file-theft/
This is a very different problem that happens to involve the same filetype. That doesn't mean that the Firefox problem has the same risks or security properties, which it does not.
|
||
Updated•3 years ago
|
Description
•