Closed
Bug 393545
Opened 17 years ago
Closed 17 years ago
Remote script loaded by Trailfire version 1.1.11748.63, and possibly others
Categories
(addons.mozilla.org Graveyard :: Administration, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Gijs, Assigned: fligtar)
References
()
Details
(Whiteboard: [sandboxed])
The overlay.xul for the Trailfire extension references a remote script. This is a security problem, given now we can't review that code, MITM attacks have lots of new possibilities, and all the other niceties you get from privileged web scripts.

As the original reporter wrote, this:

1: May slow browser startup (not sure how caching works in this case)
2: Abandons a significant security benefit of other extensions, namely the ability of knowledgeable persons to review the code for malicious behavior and security flaws. As is, the owner of the trailfire.com domain can change its behavior at any time or make its behavior IP-specific.
3: Since the script has chrome privileges, an attacker using DNS poisoning can run arbitrary code.
4: If the trailfire.com domain legitimately changes hands, the new owner inherits ability to run arbitrary code.

The relevant source code line is line 11 of overlay.xul.

I'm not sure how easy it will be to audit all the other extensions for this kind of thing. Searching for src=["']http would probably help, I guess.

(Not marking this as security sensitive since it's not the actual AMO site that has trouble. If this assessment is wrong, please do correct me)
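The audit suggested in the description, sketched as an added example (not code from this bug or from AMO): it applies the `src=["']http` search to every markup and script file in an XPI, widened to record the element name and line, and it goes one step further by descending into nested chrome JARs. The sample package, `addon.example` and all function names are constructed for illustration.

```python
import io
import re
import zipfile

# Reporter's search (src=["']http), widened to capture the element name and URL.
REMOTE_SRC = re.compile(r"""<\s*([\w:.-]+)[^<>]*?\bsrc\s*=\s*["'](https?://[^"']+)""", re.I)
TEXT_EXT = (".xul", ".xml", ".html", ".xhtml", ".js")
ARCHIVE_EXT = (".jar", ".xpi", ".zip")

def scan_archive(data, prefix=""):
    """Return (path, line, element, url) for every remote src= in an XPI/JAR."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in sorted(zf.namelist()):
            lower = name.lower()
            if lower.endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), prefix + name + "!/")  # nested chrome JAR
            elif lower.endswith(TEXT_EXT):
                text = zf.read(name).decode("utf-8", errors="replace")
                for m in REMOTE_SRC.finditer(text):
                    line = text.count("\n", 0, m.start(2)) + 1
                    findings.append((prefix + name, line, m.group(1).lower(), m.group(2)))
    return findings

def remote_scripts(findings):
    """Keep only <script> elements; in an overlay these run with chrome privileges."""
    return [f for f in findings if f[2].split(":")[-1] == "script"]

def build_sample_xpi():
    """Constructed sample: an XPI whose chrome JAR holds an overlay with a remote script."""
    overlay = (
        '<overlay xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">\n'
        '  <script src="chrome://sample/content/local.js"/>\n'
        "  <script type='application/x-javascript'\n"
        "          src='http://addon.example/remote.js'/>\n"
        '  <image src="https://addon.example/logo.png"/>\n'
        '</overlay>\n'
    )
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("content/overlay.xul", overlay)
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as zf:
        zf.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()

if __name__ == "__main__":
    for path, line, element, url in scan_archive(build_sample_xpi()):
        print(f"{path}:{line}: <{element}> loads {url}")
```

The bare search also matches remote images and other non-script elements, so `remote_scripts()` narrows the hits to the case this bug is about; the XUL namespace URL and `chrome://` sources are not flagged.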
Assignee
Comment 1 • 17 years ago
https://addons.mozilla.org/en-US/firefox/files/browse/16985

Trailfire author e-mailed on 11/5 and asked to fix or reply within 2 weeks.
Assignee: nobody → fligtar
Whiteboard: [notified 11/5]
Comment 2 • 17 years ago
Has this issue been fixed?
Assignee
Comment 3 • 17 years ago
Since the authors did reply to the original notice and inquired about how to fix it, I gave them until Friday this week to update.
Whiteboard: [notified 11/5] → [fix by 11/30]
Assignee
Comment 4 • 17 years ago
Authors have still not provided an update after 2 extensions of time - add-on has been sandboxed.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: [fix by 11/30] → [sandboxed]
Updated • 16 years ago
Component: Add-ons → Administration
QA Contact: add-ons → administration
Updated • 8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard