Closed Bug 809373 Opened 12 years ago Closed 12 years ago

DLL Hijacking - Firefox installer

Categories

(Firefox :: Installer, defect)

Product:
Firefox
Component:
Installer
Platform:
x86
Windows 8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 792106

People

(Reporter: mcsmurf, Unassigned)

Details

This issue is basically Bug 792106 being duplicated, just with another DLL name. To reproduce: 1. Download current Firefox trunk installer 2. Download trojan DLL from Bug 792106, save it with file name "cryptbase.dll" and place it next to the Firefox installer in the same folder (I assume for now that everyone that can access this bug here can also access that bug) 3. Execute Firefox installer Results: Observe in Task Manaager that a lot of cmd.exe processes get launched when launching the installer. This should not happen.
Conclusions from Bug 792106 Comment 9 still seem to apply: "1) You can reproduce that it launches high integrity cmd processes by right clicking and running as administrator 2) If you just double click and let NSIS do the UAC elevation though, you cannot reproduce. In this case cmd.exe is started, but they are started at medium integrity and if the user has access to the downloads directory, they are already running as that."
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Group: core-security
Component: NSIS Installer → Installer
Product: Toolkit → Firefox
You need to log in before you can comment on or make changes to this bug.