Closed Bug 1813424 (CVE-2023-25742) Opened 1 year ago Closed 1 year ago

Web Crypto ImportKey crashes tab

Categories

(Core :: DOM: Web Crypto, defect)

Firefox 105
defect

Tracking


RESOLVED FIXED
111 Branch
Tracking Status
firefox-esr102 110+ fixed
firefox109 --- wontfix
firefox110 --- fixed
firefox111 --- fixed

People

(Reporter: goras.francesco, Assigned: keeler)

Details

(Keywords: sec-low, Whiteboard: [adv-main110+][adv-esr102.8+])

Attachments

(3 files)

Attached image WebCrypto-crash-ff.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0

Steps to reproduce:

Import an SPKI RSA Public Key but specify the type of the key as ECDSA P-256.

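// pem holds the base64-encoded SPKI of an RSA public key; curve names the
// ECDSA curve (P-256 in this report), so the declared algorithm is wrong.
try {
  await crypto.subtle.importKey(
    "spki",
    Buffer.from(pem, 'base64'),
    {
      name: "ECDSA",
      namedCurve: curve
    },
    false,      // extractable
    ["verify"]  // key usages
  );
} catch (err) {
  console.error(err);
}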

Contents of the pem variable:


Actual results:

The tab crashed (as per screenshot).

Expected results:

I understand that this is caused by a misuse of the Webcrypto library.
However I believe an Error or Exception should be thrown instead of a crash.
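
The mismatch in this report (an RSA key inside the SPKI, ECDSA in the algorithm argument) can also be caught by calling code before the import. The following is an added example, not part of the report or of the Firefox fix: it reads the algorithm OID from the SPKI and compares it with the requested algorithm name. The function names and the two sample byte strings are constructed for illustration, and only the RSA and EC OIDs are recognised.

```javascript
// Added example, not Firefox code. Key type each WebCrypto algorithm name needs:
const ALG_TO_TYPE = { "ECDSA": "EC", "ECDH": "EC", "RSASSA-PKCS1-v1_5": "RSA",
                      "RSA-PSS": "RSA", "RSA-OAEP": "RSA" };
// rsaEncryption and id-ecPublicKey, the OIDs an SPKI uses to declare its key type.
const OID_TO_TYPE = { "1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC" };

// Read one DER tag/length header at pos, bounds-checked against the input.
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new Error("truncated DER");
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long form: the next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start++];
  }
  if (start + len > buf.length) throw new Error("DER length exceeds input");
  return { tag: buf[pos], start, end: start + len };
}

// Decode OID content bytes to dotted form (first arc 0 or 1, true for both OIDs above).
function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join(".");
}

// SPKI = SEQUENCE { SEQUENCE { OID algorithm, parameters }, BIT STRING key }
function spkiKeyType(spki) {
  const outer = readTlv(spki, 0), algId = readTlv(spki, outer.start);
  const oid = readTlv(spki, algId.start);
  if (outer.tag !== 0x30 || algId.tag !== 0x30 || oid.tag !== 0x06 ||
      oid.end === oid.start || oid.end > algId.end)
    throw new Error("not a SubjectPublicKeyInfo");
  const dotted = decodeOid(spki.subarray(oid.start, oid.end));
  return OID_TO_TYPE[dotted] || dotted;
}

// Throws when the declared key type and the requested algorithm disagree.
function checkSpki(spki, algorithmName) {
  const found = spkiKeyType(spki);
  if (ALG_TO_TYPE[algorithmName] !== found)
    throw new TypeError(`SPKI declares ${found}, caller requested ${algorithmName}`);
  return found;
}

// Constructed samples: real AlgorithmIdentifiers followed by placeholder key bits.
const hex = s => Uint8Array.from(s.match(/../g), h => parseInt(h, 16));
const RSA_SPKI = hex("3013300d06092a864886f70d010101050003020000");
const EC_SPKI = hex("3019301306072a8648ce3d020106082a8648ce3d03010703020004");
```

Calling `checkSpki(bytes, "ECDSA")` before `importKey` turns the case in this report into a `TypeError` in script, whatever the browser version does with the mismatched key.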

Component: Untriaged → DOM: Web Crypto
Product: Firefox → Core
Assignee: nobody → dkeeler
Group: crypto-core-security
Severity: -- → S1
Priority: -- → P1
Group: crypto-core-security → core-security-release
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch

Is the S1 severity on this bug correct? From the docs:

(Catastrophic) Blocks development/testing, may impact more than 25% of users, causes data loss, likely dot release driver, and no workaround available

Also, please nominate this for uplift if this is something you think we need to fix across other branches as well. It grafts cleanly.

Flags: needinfo?(dkeeler)
Flags: in-testsuite+

No - I set that out of an abundance of caution. Somewhere between S2/3 is appropriate - it's mostly a denial-of-service issue, although there's a slight chance it could be exploited for something more serious, like an attacker reading memory they're not supposed to be able to.

Severity: S1 → S2
Flags: needinfo?(dkeeler)
Priority: P1 → --

Comment on attachment 9315250 [details]
Bug 1813424 - webcrypto: check decoded key type before using r?jschanck

Beta/Release Uplift Approval Request

  • User impact if declined: Mostly looks like a potential denial-of-service (crashing tabs). There's a possibility it could be used to read memory that otherwise wouldn't be accessible.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The changes are very minimal, localized, and fairly clearly correct.
  • String changes made/needed: none
  • Is Android affected?: Yes

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Mostly looks like a potential denial-of-service (crashing tabs). There's a possibility it could be used to read memory that otherwise wouldn't be accessible.
  • User impact if declined: ^
  • Fix Landed on Version: 111
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The changes are very minimal, localized, and fairly clearly correct.
Attachment #9315250 - Flags: approval-mozilla-esr102?
Attachment #9315250 - Flags: approval-mozilla-beta?

Comment on attachment 9315250 [details]
Bug 1813424 - webcrypto: check decoded key type before using r?jschanck

Approved for our last 110 beta, thanks.

Attachment #9315250 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment on attachment 9315250 [details]
Bug 1813424 - webcrypto: check decoded key type before using r?jschanck

Approved for ESR 102.8.0, thanks.

Attachment #9315250 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
Whiteboard: [adv-main110+]
Whiteboard: [adv-main110+] → [adv-main110+][adv-esr102.8+]
Alias: CVE-2023-25742
QA Whiteboard: [post-critsmash-triage]
Group: core-security-release