Open
Bug 557415
Opened 14 years ago
Updated 2 years ago
2 JS LiveConnect Vulnerabilities.
Categories
(Firefox :: Security, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: info, Unassigned)
Details
Attachments
(3 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Hope you all had a Happy Easter, I have two Easter eggs that are related, created to raise a little more awareness of the problematic LiveConnect technology that is still supported by Mozilla. 1st Bug: Computer name & Path discovery. Found a new way to discover the Computer name and location of a file through JS LiveConnect. Note; This happened before with a htmlFor bug on a HTML FILE field, and got fixed not too long ago. This is another approach, using the Java LiveConnect package to reach the same objective. 2nd Bug: Not sure how to call this one. It utilizes JS LiveConnect again to access a Floppy drive (or any drive), it cannot read nor write, but obviously makes your Floppy drive makes funny noises. Throw it in a loop, and you get more fun you've bargained for. See the PoC's for all the fun. Reproducible: Always Steps to Reproduce: 1. Open PoC's 2. Run it 3. Smile! Actual Results: A website discovers my Computer name, and can make my floppy make funny noises. Sometimes it crashes in various different setups. Expected Results: Bug 1: Strip out the computer name and path name. (like the FILE field) Bug 2: Don't allows JS to open/access drives without permission. PoC summary: http://pastie.org/904887 PoC 1: http://www.scarletred.nl/poc/cptest.html PoC 2: http://www.scarletred.nl/poc/floppy.html
Reporter | ||
Comment 1•14 years ago
|
||
Reporter | ||
Comment 2•14 years ago
|
||
Reporter | ||
Updated•14 years ago
|
Severity: major → normal
Reporter | ||
Comment 3•14 years ago
|
||
Firefox crashed too, no log. Happens randomly.
Reporter | ||
Comment 5•14 years ago
|
||
No I haven't, according to their crash log it happened outside their VM; in XUL.dll I added the log so you can see which version of java I use, plus my configuration/setup. I cannot make Bug #2 crash consistently yet, but it seems pretty unstable at times.
sorry, it's been a while since i've had to read java logs. https://developer.mozilla.org/En/How_to_get_a_stacktrace_with_WinDbg
Reporter | ||
Comment 7•14 years ago
|
||
Just learned that Mozilla now hooks everything into the Java plugin instead of relying on LiveConnect. Wow pretty bad decision in my opinion. I just upgraded and noticed that Java cannot be disabled anymore in about:config, instead you have to remove the plugin? Given this, does that mean that Sun is now responsible for these two bugs?
Updated•13 years ago
|
Version: unspecified → 3.6 Branch
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•