Closed Bug 330037 Opened 16 years ago Closed 16 years ago
Embed Propertypage Remote Compromise (version 2)
Well, this fixes it for me, by moving some code in nsScriptSecurityManager.cpp.
The code in the plugin finder is: http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/plugins/content/pluginInstallerWizard.js#566 This is probably a stupid question, but would the evalInSandbox stuff (http://developer.mozilla.org/en/docs/evalInSandbox) be any better for this code?
Another example of the evils of string URL compares rather than principal compares.
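The contrast behind the "string URL compares rather than principal compares" remark, as an added JavaScript example that is not part of the bug thread and is not Mozilla code. It generalizes the principal to a web origin (scheme, host, port) using the standard `URL` class; the host names, `TRUSTED`, and the function names are constructed for illustration.

```javascript
// Added illustration, not Mozilla code. All URLs are constructed samples.
const TRUSTED = "https://plugins.example.org";

// Weak form: the URL is treated as an opaque string and compared by prefix.
function prefixMatches(candidate, trusted = TRUSTED) {
  return candidate.indexOf(trusted) === 0;
}

// Parse first, then reduce the URL to its origin (scheme, host, port).
// Opaque origins (javascript:, data:, ...) serialize as "null" and
// unparseable input throws; both are reported as "no origin".
function originOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null;
  }
  return parsed.origin === "null" ? null : parsed.origin;
}

// Stricter form: two URLs match only if both have a real origin and
// those origins are identical after normalization.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob;
}

const SAMPLES = [
  "https://plugins.example.org/install.html",            // the trusted site
  "HTTPS://Plugins.Example.ORG:443/install.html",        // same site, other spelling
  "https://plugins.example.org.other.test/install.html", // different host
  "https://plugins.example.org@other.test/install.html", // userinfo, different host
  "javascript:void(0)",                                  // no host at all
];

// Run both checks over every sample so the disagreements are visible.
function compareChecks(samples = SAMPLES) {
  return samples.map((url) => ({
    url,
    stringCheck: prefixMatches(url),
    originCheck: sameOrigin(url, TRUSTED),
  }));
}

console.table(compareChecks());
```

The string check is wrong in both directions: it rejects the second sample, which is the trusted site written differently, and accepts the third and fourth, which are other hosts.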
Comment on attachment 214683 patch This is good as a band-aid. r/sr=dveditz
Assignee: nobody → martijn.martijn
I filed bug 330102 on myself to switch the code to nsIPrincipal
Sorry, but do I need sr+ for the patch?
Comment on attachment 214683 patch Generally, yes. ;)
Attachment #214683 - Flags: superreview+
Checking in caps/src/nsScriptSecurityManager.cpp; /cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v <-- nsScriptSecurityManager.cpp new revision: 1.289; previous revision: 1.288 done Checked into trunk.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Checked in on the 1.8 branch. mozilla/caps/src/nsScriptSecurityManager.cpp; new revision: 1.266.2.10;
OS: Windows XP → All
Hardware: PC → All
Component: Plugin Finder Service → Security
Product: Firefox → Core
Version: 1.5.0.x Branch → Trunk
Comment on attachment 214683 patch approved for 1.8.0 branch, a=dveditz for drivers
Attachment #214683 - Flags: approval22.214.171.124? → approval126.96.36.199+
v.fixed on 1.8.0 branch: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20060508 Firefox/184.108.40.206 with testcase.
Impact lowered to "moderate" given the user interaction required. A legit "manual" install button is used to download and install, and that could be malware as well; the only difference is this exploit removes one last chance for the user to think better of running the downloaded install.
Whiteboard: [sg:critical] → [sg:moderate]