Closed Bug 1810143 Opened 1 year ago Closed 1 year ago

Possible Download of .url Files for Data Exfiltration

Categories

(Firefox :: Security, defect)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1809923

People

(Reporter: fazim.pentester, Unassigned)

References

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

Attached file poc.html

In Firefox it has implemented a security measure to protect users by replacing the download of ".lnk" files with ".download" extension. However, there is another file extension that is considered to be more severe than ".lnk", which is the ".url" extension.
A ".url" file, also known as a URL shortcut, is a type of link file that points to a web page or other resource on the internet. These files can be created by the user or by an application, and can be used to quickly access a specific webpage. However, if a ".url" file is maliciously created by an attacker, it can contain a script or other code that will execute automatically when the file is opened. This can lead to the execution of malware, the stealing of personal information, or other malicious activity.

hence made a POC which uses this method by convincing the user to save and upload the saved file for data exfiltration.

Flags: sec-bounty?
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2023-25734
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-

Congratulations, we have awarded a bug bounty for this issue. The award is split with bug 1809923 since it was filed within the "collision window" defined in our bug bounty policy.

Flags: sec-bounty- → sec-bounty+
Group: firefox-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: