Bug 293330 - Remove XPI install delay without changing any about:config prefs
Status: RESOLVED FIXED
Opened 20 years ago
Closed 20 years ago
Categories: Toolkit :: Add-ons Manager, defect
People: Reporter: matthew, Unassigned
Details: Keywords: fixed-aviary1.0.4, Whiteboard: [sg:fix] depends on 292499
Attachments: 1 file (380 bytes, text/html)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3
My report to security@mozilla.org:
An attacker can "kill" the XPI delay on the installation dialog by providing a
javascript IconURL that throws an exception. In the sample exploit, "alert" is
used as it doesn't exist on a chrome window and throws an exception. The sample
exploit tricks the user into installing an XPI by making them press enter over
and over, then popping up the "no wait" dialog. Without the delay, a user may
inadvertently install a malicious XPI.
See attached testcase.
Reproducible: Always
Steps to Reproduce:
Reporter
Comment 1•20 years ago
Comment 2•20 years ago
Confirming. Depends on bug 292499
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:fix] depends on 292499
Updated•20 years ago
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.4+
Comment 3•20 years ago
javascript icons no longer allowed, so thrown exceptions won't mess up the delay
count.
Status: NEW → RESOLVED
Closed: 20 years ago
Depends on: 292499
Keywords: fixed-aviary1.0.4
Resolution: --- → FIXED
Updated•20 years ago
Group: security
Updated•20 years ago
Flags: blocking-aviary1.0.5+ → blocking-aviary1.0.4+
Assignee
Updated•17 years ago
Product: Firefox → Toolkit
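
The fix described in comment 3 (script icon URLs are no longer accepted) amounts to a scheme allow-list applied before the install dialog handles the icon. The sketch below is an added example, not code from this bug or from Firefox; the function names, the http/https allow-list, the request shape and the sample values are assumptions.

```javascript
// Added example, not Firefox code. sanitizeIconURL, sanitizeInstallRequest and
// SAMPLE_REQUEST are hypothetical names; the request shape is assumed.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Return a normalized absolute icon URL, or null if the icon must not be loaded.
function sanitizeIconURL(raw, pageURL) {
  if (typeof raw !== "string" || raw === "") return null;
  let parsed;
  try {
    // Parse instead of prefix-matching: the URL parser lowercases the scheme
    // and strips leading spaces and embedded tabs/newlines, so spellings such
    // as " Java\tScript:" still resolve to the "javascript:" protocol.
    parsed = new URL(raw, pageURL);
  } catch (err) {
    return null; // unparseable input is treated as "no icon"
  }
  return ALLOWED_ICON_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Sanitize every item before any dialog code sees it. A rejected icon becomes
// null (caller shows a built-in default); the item is kept so the user still
// sees what is being offered, and the delay logic never handles a script URL.
function sanitizeInstallRequest(request, pageURL) {
  return Object.entries(request).map(([name, item]) => ({
    name,
    url: item.URL,
    iconURL: sanitizeIconURL(item.IconURL, pageURL),
  }));
}

// Constructed sample input.
const SAMPLE_REQUEST = {
  "Example A": { URL: "https://addons.example/a.xpi", IconURL: "javascript:alert(1)" },
  "Example B": { URL: "https://addons.example/b.xpi", IconURL: " Java\tScript:alert(1)" },
  "Example C": { URL: "https://addons.example/c.xpi", IconURL: "icons/c.png" },
  "Example D": { URL: "https://addons.example/d.xpi" },
};

const cleaned = sanitizeInstallRequest(SAMPLE_REQUEST, "https://addons.example/pkg/");
for (const item of cleaned) console.log(item.name, "->", item.iconURL);
```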