Remove code evaluating in consoles

RESOLVED DUPLICATE of bug 664589

Status

()

Firefox
Developer Tools: Console
--
critical
RESOLVED DUPLICATE of bug 664589
5 years ago
5 years ago

People

(Reporter: Brandon Sky Pimenta, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.1) Gecko/20100101 Firefox/6.0.1
Build ID: 20110830092941

Steps to reproduce:

The Evaluator should be removed from the Error Console (EC) and Web Console (WC), which is vulnerable to a critical security exploit that allows an attacker to run arbitrary code on a 3rd-party server.

For example, an attacker can run arbitary code such as this:

var target="127.0.0.1"; hack(target); shutdown(target);

This security exploit should be resolved as soon as possible.



Actual results:

The Evaluator is still on the consoles. This evaluator should be removed per the description.


Expected results:

The Evaluator should not be on any consoles anymore.
(Reporter)

Updated

5 years ago
Severity: normal → critical
(Reporter)

Updated

5 years ago
Component: Untriaged → Developer Tools: Console
OS: Mac OS X → All
Hardware: x86 → All
(Reporter)

Updated

5 years ago
Blocks: 301375
How many entities are involved in your scenario, three (attacker, user, server) or two (attacker/user and server)? Are you proposing a way for a remote attacker to compromise the user? If so we'll need more information.

If the user -is- the attacker then the server needs to be robust against that situation in any case: the internet is a hostile place. The code running abilities of the console are no different than add-ons or a custom client could do.
There's also the case of "socially engineered malware", such as the cases where people convince e.g. facebook users to run a javascript: url in the address bar. That was common enough that we removed that feature, and we discussed the possibility that attackers will switch the attacks to developer tools. We are monitoring that situation. If that is what this bug is about it is a dupe of an earlier bug.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
(Reporter)

Comment 3

5 years ago
Reopening
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---

Updated

5 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 664589
You need to log in before you can comment on or make changes to this bug.