Closed Bug 443778 Opened 17 years ago Closed 13 years ago

Installing with 'Run As' and launching Firefox from the installer launches as a user different than the one installing and leads to a potential exploit of Save As during that session

Categories

(Firefox :: Installer, defect)

3.0 Branch
x86
Windows XP
defect
Not set
major

Tracking

()

RESOLVED WONTFIX

People

(Reporter: ah.alan.harrison, Unassigned)

Details

(Whiteboard: [testday-20120615])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

Installing Firefox to the Program Files directory from a non-su account in Windows XP requires "Run As"ing the install file with admin privileges. This is normal. However, Firefox then installs with Admin privileges and defaults to the Admin account directory tree - regardless of which account it's run under. That means that when I go to "save as" a linked file, from a non-su account, I can save the file into any directory that Admin would have access to (i.e. admin's personal folders, system folders, the Windows™ Registry™ ... etc.) ;-> .. .. .. :-O .. .. .. 8-[

Reproducible: Always

Steps to Reproduce:
1. install Firefox to a Win XP computer from a user (non Administrator) account, using "Run As" to install into the Program Files directory
2. run newly-installed Firefox
3. right-click a link and select "Save As" ... take a close look at the displayed "home" directory ... it won't match the user's home directory
4. just for fun, try saving to a deep branch of the Windows System folder.

Actual Results: saved a harmless .pdf to my Windows System folder

Expected Results: Should not have been able to save a download to my Windows System folder from a user account.
You chose "run as" and hence are running as the user you selected to "run as" from the Wizard's finish page. As far as I know any installer - or for that matter application - will run as the user you select via "run as" along with the privileges. Can you provide an example where this isn't the case? As far as I know this is the expected behavior when using "run as".
Are you talking about the behavior when launching it from the installer itself? Or does this also happen if you shut down the installer, and then separately launch the browser without using "Run As"? I can't reproduce the latter; after the installer is done, Firefox is nicely sandboxed to the limited-user's account.
Group: core-security
I believe the steps that were used are running the installer using "run as" and then launching the application from the installer.
At best we could remove launching the app from the installer to mitigate the case where a user launches the installer using "run as". Leaving open for a decision regarding whether we should do this for security reasons. dveditz?
Dan, I believe this is wontfix unless you think we should remove the option to launch Firefox after installation. Can I get your input?
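The condition discussed in this thread, a process started through "Run As" running under a different account than the user at the desktop, can be checked from PowerShell. This is an added example, not code from the bug or from the Firefox installer; the function name `Test-RunAsIdentityMismatch` is hypothetical, and it assumes that `explorer.exe` in the current session is owned by the logged-on desktop user.

```powershell
# Added example, not Mozilla code. The function name is hypothetical.
function Test-RunAsIdentityMismatch {
    [CmdletBinding()]
    param()

    # Account whose token this process (and anything it launches) runs under.
    $current   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sessionId = (Get-Process -Id $PID).SessionId

    # Assumption: the desktop shell in this session belongs to the user who
    # is actually logged on at the console.
    $shell = Get-CimInstance -ClassName Win32_Process `
                 -Filter "Name = 'explorer.exe' AND SessionId = $sessionId" |
             Select-Object -First 1

    if (-not $shell) {
        # Service session or replaced shell: no basis for a decision.
        return [pscustomobject]@{
            ProcessUser = $current.Name; DesktopUser = $null; Mismatch = $null
        }
    }

    $ownerSid    = (Invoke-CimMethod -InputObject $shell -MethodName GetOwnerSid).Sid
    $desktopUser = $ownerSid
    try {
        # Resolve the SID to DOMAIN\user for display; keep the SID on failure.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($ownerSid)
        $desktopUser = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }

    [pscustomobject]@{
        ProcessUser = $current.Name
        DesktopUser = $desktopUser
        Mismatch    = ($current.User.Value -ne $ownerSid)
    }
}

$result = Test-RunAsIdentityMismatch
$result | Format-List
if ($result.Mismatch) {
    # Child processes inherit this token, so their file dialogs and writes
    # use ProcessUser's profile and rights, not DesktopUser's.
    Write-Warning "Running as $($result.ProcessUser), desktop user is $($result.DesktopUser)."
}
```

Run from a console opened with "Run As" under another account, `Mismatch` is `True`; from a normal console of the logged-on user it is `False`.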
Summary: Windows XP requires Admin privileges for install, which leads to a potential exploit of Save As. → Installing with 'Run As' and launching Firefox from the installer launches as a user different than the one installing and leads to a potential exploit of Save As during that session
Version: unspecified → 3.0 Branch
Firefox 3.0 is now EOL, please try the latest version of Firefox and feel free to open if it is reproducible on the latest build
* http://getfirefox.com

for support
* https://support.mozilla.org/questions/new
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Whiteboard: [testday-20120615]