Closed Bug 509413 Opened 10 years ago Closed 10 years ago
Remote PKCS11 module installation from UNC path
Nelson: I understand you and Dan talked about this before he left. Any comments here?
Isn't this just a straight duplicate of bug 326628? Other than "backport bug 326628 to the 1.9.0 branch" I'm not sure what the expected resolution would be.
Whiteboard: [sg:moderate?] requires user accepting a prompt... seemingly a dup of bug 326628
That's what Nelson said, too. We missed the UNC path issue which makes it sg:critical rather than sg:moderate (bug 326628 comment 23). We should backport this--but note bug 326628 comment 52 / bug 495756.
Why is it sg:critical? It can't be exploited without explicit user interaction.
Between the prompt being confusing and the attacker being able to put the prompt in a while(1) loop, I imagine it would have a pretty high chance of success.
Benjamin: Can you work on backporting bug 326628 to the 1.9.0 branch?
Flags: blocking188.8.131.52? → blocking184.108.40.206+
Severity: blocker → major
Whiteboard: [sg:critical] requires user accepting a prompt... seemingly a dup of bug 326628 → [sg:critical][fix in 326628] requires user accepting a prompt... seemingly a dup of bug 326628
Fixed or duplicate of bug 326628 (fixed for 220.127.116.11 also).
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.