Review file launch handlers in Metro

VERIFIED FIXED in Firefox 28

Status

defect
P1
normal
VERIFIED FIXED
7 years ago
5 years ago

People

(Reporter: bbondy, Assigned: jimm)

Tracking

Trunk
Firefox 28
x86_64
Windows 8.1

Firefox Tracking Flags

(firefox28 unaffected, firefox29 unaffected)

Details

(Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 [qa-])

Review code in nsExternalHelperAppService.cpp or nsExternalProtocolHandler.cpp to make sure another process cannot start a third party application that it shouldn't be able to. 

In particular perhaps via the search charm which another Metro app (running as integrity level: app container) could start the Metro browser which is run as a medium integrity level process.
Whiteboard: [from secreview]
Whiteboard: [from secreview] → [beta28][from secreview]
Whiteboard: [beta28][from secreview] → [beta28][from secreview] [work]
Whiteboard: [beta28][from secreview] [work] → [beta28] [from secreview] p=0
Whiteboard: [beta28] [from secreview] p=0 → [beta28] [from secreview] p=5
Assignee: nobody → jmathies
Whiteboard: [beta28] [from secreview] p=5 → [beta28] [from secreview] p=2
Blocks: metrov1it23
No longer blocks: metrov1backlog
Status: NEW → ASSIGNED
Priority: -- → P2
QA Contact: jbecerra
Whiteboard: [beta28] [from secreview] p=2 → [release28] [from secreview] p=2
Blocks: metrov1backlog
No longer blocks: metrov1it23
Priority: P2 → P1
Whiteboard: [release28] [from secreview] p=2 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1
Searches all pass through FrameworkView::PerformSearch, which converts all keywords to quoted strings and passes them through the command line runner with the search parameter.

http://mxr.mozilla.org/mozilla-central/source/widget/windows/winrt/MetroContracts.cpp#294

I don't see any way for this to trigger 3rd party application launch.

For downloaded files we pass everything through the download manager just like we do on desktop. File handling sometimes calls shell execute if the user asks us to run. But we prompt for permission first for executable content, just like desktop. So again, no issue here afaict.

For URIs, we validate everything through winrt's IUriRuntimeClass, so nothing is going to pass through there that isn't a valid format.

Overall, not seeing any issues with our handling here.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 28
Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28
Could anyone please give guidance in order for the QA to verify this?
Flags: needinfo?(jmathies)
Nothing to do here, this was a dev specific task about inspecting behavior looking for issues. No changes were made to the product.
Flags: needinfo?(jmathies)
Whiteboard: [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 → [release28] [from secreview] p=2 s=it-30c-29a-28b.1 r=ff28 [qa-]
Status: RESOLVED → VERIFIED
OS: Windows 8 Metro → Windows 8.1