Closed Bug 1828716 (CVE-2023-32214) Opened 2 years ago Closed 2 years ago

“ms-cxh” and “ms-cxh-full” protocol handlers considered harmful

Categories

(Firefox :: File Handling, defect)

Desktop
All
defect

Tracking

RESOLVED FIXED
114 Branch
Tracking Status
firefox-esr102 113+ fixed
firefox112 --- wontfix
firefox113 + fixed
firefox114 + fixed

People

(Reporter: Gijs, Assigned: Gijs)

References

Details

(Keywords: csectype-dos, sec-low, Whiteboard: [adv-main113+][adv-ESR102.11+])

Attachments

(3 files, 1 obsolete file)

These protocol handlers exist on Win10 and they can do things like soft-locking the machine. They probably shouldn't be accessible through the browser by default.

Group: firefox-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch

The patch landed in nightly and beta is affected.
:Gijs, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox113 to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(gijskruitbosch+bugs)

Uplift Approval Request

  • Is Android affected?: no
  • String changes made/needed: No
  • Needs manual QE test: no
  • User impact if declined: potential security hole
  • Risk associated with taking this patch: Low
  • Explanation of risk level: Just adding prefs to block certain protocols in ways we've done numerous times before
  • Code covered by automated testing: no
  • Fix verified in Nightly: no
  • Steps to reproduce for manual QE testing: N/A
Flags: needinfo?(gijskruitbosch+bugs)
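The uplift request above says the fix is "just adding prefs to block certain protocols". The patch itself is not reproduced on this page, so the following is an added example rather than the landed change or any Mozilla code. It applies Firefox's long-standing per-scheme block pref pattern, network.protocol-handler.external.<scheme> = false, to the two schemes named in the bug title, and first audits whether those schemes are actually registered as URL protocol handlers on the local Windows machine (a scheme is a protocol handler when its HKEY_CLASSES_ROOT key carries the "URL Protocol" value). The $Schemes and $ProfileDir parameters, and the user.js write, are this example's own assumptions.

```powershell
# Added example, not the bug's patch: audit whether the ms-cxh / ms-cxh-full
# URL schemes are registered as protocol handlers on this Windows machine and,
# if a Firefox profile directory is given, pin the prefs that stop Firefox from
# handing those schemes off to the OS.
# Assumptions: the Firefox pref pattern network.protocol-handler.external.<scheme>
# (the standard mechanism for blocking an external handler; the exact lines the
# real patch added are not shown on this page), and that $ProfileDir points at
# the Firefox profile you want to harden (user.js is read at startup).
param(
    [string[]]$Schemes = @('ms-cxh', 'ms-cxh-full'),
    [string]$ProfileDir
)

foreach ($scheme in $Schemes) {
    $key = "Registry::HKEY_CLASSES_ROOT\$scheme"
    if (-not (Test-Path $key)) {
        Write-Output "${scheme}: not registered"
        continue
    }
    # Only keys carrying the (empty-string) "URL Protocol" value are treated by
    # Windows as URL protocol handlers; a bare ProgID key is not reachable via a URL.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $isProtocol = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains 'URL Protocol')
    # Show what would be launched when the browser hands the URL to the OS.
    $cmdKey = "$key\shell\open\command"
    $command = if (Test-Path $cmdKey) { (Get-ItemProperty -Path $cmdKey).'(default)' } else { '<no shell\open\command>' }
    Write-Output ("{0}: URL Protocol={1}; handler={2}" -f $scheme, $isProtocol, $command)
}

if ($ProfileDir) {
    # Append one block pref per scheme to user.js; user.js overrides prefs.js on
    # every startup, so the block survives pref resets from within the browser.
    $userJs = Join-Path $ProfileDir 'user.js'
    $lines = foreach ($scheme in $Schemes) {
        'user_pref("network.protocol-handler.external.{0}", false);' -f $scheme
    }
    Add-Content -Path $userJs -Value $lines
    Write-Output "Appended $($lines.Count) pref(s) to $userJs (restart Firefox to apply)"
}
```

Run it without -ProfileDir to only inspect the registry. Note the caveat: the pref stops Firefox from launching the handler; it does not unregister the handler from Windows, so other browsers and applications that hand off unknown schemes to ShellExecute are unaffected by it.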

Comment on attachment 9329096 [details]
Bug 1828716, r?sclements

Approved for 102.11esr.

Attachment #9329096 - Flags: approval-mozilla-esr102+
Whiteboard: [adv-main113+r]
Whiteboard: [adv-main113+r] → [adv-main113+][adv-ESR102.11+]
Flags: qe-verify-
Attached file advisory.txt (obsolete)
Attached file advisory.txt
Attachment #9331259 - Attachment is obsolete: true
Alias: CVE-2023-32214
Group: core-security-release