Closed Bug 828768 Opened 8 years ago Closed 7 years ago

Review file launch handlers in Metro

Categories

(Firefox for Metro Graveyard :: Shell, defect, P1)

x86_64
Windows 8.1
defect

Tracking

(firefox28 unaffected, firefox29 unaffected)

VERIFIED FIXED
Firefox 28

People

(Reporter: bbondy, Assigned: jimm)

References

Details

(Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 [qa-])

Review code in nsExternalHelperAppService.cpp or nsExternalProtocolHandler.cpp to make sure another process cannot start a third party application that it shouldn't be able to. 

In particular perhaps via the search charm which another Metro app (running as integrity level: app container) could start the Metro browser which is run as a medium integrity level process.
Whiteboard: [from secreview]
Whiteboard: [from secreview] → [beta28][from secreview]
Whiteboard: [beta28][from secreview] → [beta28][from secreview] [work]
Whiteboard: [beta28][from secreview] [work] → [beta28] [from secreview] p=0
Whiteboard: [beta28] [from secreview] p=0 → [beta28] [from secreview] p=5
Assignee: nobody → jmathies
Whiteboard: [beta28] [from secreview] p=5 → [beta28] [from secreview] p=2
Blocks: metrov1it23
No longer blocks: metrov1backlog
Status: NEW → ASSIGNED
Priority: -- → P2
QA Contact: jbecerra
Whiteboard: [beta28] [from secreview] p=2 → [release28] [from secreview] p=2
Blocks: metrov1backlog
No longer blocks: metrov1it23
Priority: P2 → P1
Whiteboard: [release28] [from secreview] p=2 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1
Searches all pass through FrameworkView::PerformSearch, which converts all keywords to quoted strings and passes them through the command line runner with the search parameter.

http://mxr.mozilla.org/mozilla-central/source/widget/windows/winrt/MetroContracts.cpp#294

I don't see any way for this to trigger 3rd party application launch.

For downloaded files we pass everything through the download manager just like we do on desktop. File handling sometimes calls shell execute if the user asks us to run. But we prompt for permission first for executable content, just like desktop. So again, no issue here afaict.

For uris, we validate everything through winrt's IUriRuntimeClass, so nothing is going to pass through there that isn't a valid format.

Overall, not seeing any issues with our handling here.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 28
Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28
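An added example, not part of the bug comments and not Mozilla's code from MetroContracts.cpp: one way to quote untrusted search keywords so that each stays a single argument, following the backslash and quote rules documented for CommandLineToArgvW. The names QuoteArg, JoinQuoted and ParseArgs are hypothetical, and ParseArgs is a simplified model of the receiving parser used only to check the round trip.

```cpp
#include <string>
#include <vector>

// Hypothetical helper: wrap one untrusted keyword in quotes using the
// backslash/quote rules documented for CommandLineToArgvW.
std::string QuoteArg(const std::string& arg) {
    std::string out = "\"";
    size_t slashes = 0;
    for (char c : arg) {
        if (c == '\\') { ++slashes; continue; }
        // 2n+1 backslashes before a quote yield n backslashes and a literal quote.
        out.append(c == '"' ? slashes * 2 + 1 : slashes, '\\');
        out.push_back(c);
        slashes = 0;
    }
    out.append(slashes * 2, '\\');  // trailing run sits before the closing quote
    out.push_back('"');
    return out;
}

// Hypothetical helper: join the quoted keywords into one argument string.
std::string JoinQuoted(const std::vector<std::string>& keywords) {
    std::string line;
    for (const auto& k : keywords) line += (line.empty() ? "" : " ") + QuoteArg(k);
    return line;
}

// Simplified model of the receiving argv parser, to check the round trip.
std::vector<std::string> ParseArgs(const std::string& line) {
    std::vector<std::string> args;
    std::string cur;
    bool inQuotes = false, have = false;
    size_t slashes = 0;
    for (char c : line) {
        if (c == '\\') { ++slashes; have = true; continue; }
        bool quote = (c == '"');
        cur.append(quote ? slashes / 2 : slashes, '\\');
        if (quote && slashes % 2 == 0) inQuotes = !inQuotes;  // unescaped quote toggles
        else if (!quote && !inQuotes && (c == ' ' || c == '\t')) {
            if (have) args.push_back(cur);                    // separator ends the argument
            cur.clear(); have = false; slashes = 0; continue;
        } else cur.push_back(c);                              // ordinary char or escaped quote
        have = true;
        slashes = 0;
    }
    cur.append(slashes, '\\');
    if (have) args.push_back(cur);
    return args;
}
```

A keyword containing its own quotes or a trailing backslash comes back from ParseArgs as the same single string, whereas wrapping it in bare quotes without escaping splits it into several arguments.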
Could anyone please give guidance in order for the QA to verify this?
Flags: needinfo?(jmathies)
Nothing to do here, this was a dev specific task about inspecting behavior looking for issues. No changes were made to the product.
Flags: needinfo?(jmathies)
Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 [qa-]
Status: RESOLVED → VERIFIED
OS: Windows 8 Metro → Windows 8.1