Closed
Bug 1766047
(CVE-2022-34471)
Opened 2 years ago
Closed 2 years ago
Verify that version of downloaded XPI matches with the version from the update manifest
Categories
(WebExtensions :: General, defect, P2)
WebExtensions
General
Tracking
(firefox-esr91 wontfix, firefox100 wontfix, firefox101 wontfix, firefox102+ fixed)
RESOLVED
FIXED
102 Branch
People
(Reporter: robwu, Assigned: robwu)
References
Details
(Keywords: sec-moderate, Whiteboard: [addons-jira][post-critsmash-triage][adv-main102+])
Attachments
(2 files)
We have logic that only select new versions from the update manifest. But after downloading we don't confirm whether the downloaded version matches the expected version. To avoid unintended downgrades when the update manifest has been tampered with on the server's end, we should prevent this from happening.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
Updated•2 years ago
|
Severity: -- → N/A
Type: task → defect
Priority: -- → P2
Updated•2 years ago
|
Severity: N/A → S2
Updated•2 years ago
|
Keywords: sec-moderate
Comment 2•2 years ago
|
||
Reject updates that have a mismatching version r=rpl,geckoview-reviewers,agi
https://hg.mozilla.org/integration/autoland/rev/5fdca54eed615862439eba237461df742a3b46a9
https://hg.mozilla.org/mozilla-central/rev/5fdca54eed61
Group: firefox-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox102:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 102 Branch
Updated•2 years ago
|
status-firefox100:
--- → wontfix
status-firefox101:
--- → wontfix
status-firefox-esr91:
--- → wontfix
tracking-firefox102:
--- → +
Flags: in-testsuite+
Updated•2 years ago
|
Flags: qe-verify+
Whiteboard: [addons-jira] → [addons-jira][post-critsmash-triage]
Updated•2 years ago
|
Whiteboard: [addons-jira][post-critsmash-triage] → [addons-jira][post-critsmash-triage][adv-main102+]
Comment 4•2 years ago
|
||
Updated•2 years ago
|
Alias: CVE-2022-34471
Updated•1 year ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•