Closed Bug 829268 Opened 11 years ago Closed 11 years ago

Windows 8 Metro Firefox Sec Review: review command execution handler

Categories

(mozilla.org :: Security Assurance, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: curtisk, Assigned: dchanm+bugzilla)

References

Details

Action item from review to review the command execution handler
Priority: P4 → --
Jim: Where in the elm branch would I find the code for the command execution handler?

Is it under browser/metro or another directory?

https://hg.mozilla.org/projects/elm/summary
Flags: needinfo?(jmathies)
Sorry for the delay :jimm,

I finally got around to looking at the CEH code and it looks okay to me.

My one comment is the handling of DX10 mode. The CEH checks the registry for a DX10 key, and falls back to feature detection if this key is not found. [1] There is a corner case where if the system changes, DX10 support may not align with the current hardware support, e.g. adding / removing video card / card drivers.

Links and URLs are only handled if Firefox is the default desktop / immersive browser. Desktop Firefox is executed with ShellExecute with the target exe and parameters individually set. This avoids possible command line injections. Metro browser requests go through IApplicationActivationManager to launch / handle the metro browser and its arguments. Injection isn't possible through this interface since you declare the target program through its app model id and arguments are passed as a separate string.

I'm going to close off this part of the review as RESOLVED

[1] - http://mxr.mozilla.org/projects-central/source/elm/browser/metro/shell/commandexecutehandler/CEHHelper.cpp#61
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
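The comment above rests on one design property: the desktop launch path fixes the target executable itself and hands the URL over as a separate parameter, so untrusted input never gets re-parsed as a command line. The block below is an added illustration of that property, written for this page; it is not Mozilla's CEH code. The function names (buildNaiveCommandLine, buildSeparatedLaunch, isAllowedUrl, launchOnWindows), the simplified tokenizer (an approximation of how a flat command string is split into tokens, not the full CommandLineToArgvW rules) and the sample URL with a constructed "--constructed-flag" suffix are all assumptions made for the example. Only the `_WIN32` section touches the real ShellExecuteW API.

```cpp
// Added illustration (not Mozilla's CEH code): why keeping the target executable
// and its parameters separate, as the review notes, blocks command-line injection.
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#endif

// Pattern the review warns against: one flat command string. Whatever is in
// `url` is re-parsed by the shell or the child, so spaces or quotes in it become
// extra tokens the caller never intended.
std::string buildNaiveCommandLine(const std::string& exe, const std::string& url) {
    return "\"" + exe + "\" " + url;
}

// Simplified tokenizer: splits on unquoted whitespace and honours double quotes.
// Constructed approximation for the demo, not the full CommandLineToArgvW rules.
std::vector<std::string> splitCommandLine(const std::string& cmd) {
    std::vector<std::string> out;
    std::string cur;
    bool inQuotes = false, have = false;
    for (char c : cmd) {
        if (c == '"') {
            inQuotes = !inQuotes;
            have = true;
        } else if ((c == ' ' || c == '\t') && !inQuotes) {
            if (have) { out.push_back(cur); cur.clear(); have = false; }
        } else {
            cur += c;
            have = true;
        }
    }
    if (have) out.push_back(cur);
    return out;
}

// Only http/https URLs without quotes or control characters are forwarded;
// anything else is refused rather than "cleaned up".
bool isAllowedUrl(const std::string& url) {
    auto startsWith = [&](const char* p) { return url.rfind(p, 0) == 0; };
    if (!startsWith("http://") && !startsWith("https://")) return false;
    for (unsigned char c : url) {
        if (c == '"' || c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

struct LaunchRequest {
    bool ok = false;
    std::string target;      // fixed executable, never derived from input
    std::string parameters;  // the URL as one quoted parameter
};

// Separated form: the executable is a constant chosen by the handler and the
// URL travels as a single quoted parameter, so it cannot change which program
// runs or smuggle extra switches.
LaunchRequest buildSeparatedLaunch(const std::string& exe, const std::string& url) {
    LaunchRequest r;
    if (!isAllowedUrl(url)) return r;   // ok stays false: refuse to launch
    r.ok = true;
    r.target = exe;
    r.parameters = "\"" + url + "\"";
    return r;
}

#ifdef _WIN32
// On Windows the two fields map directly onto ShellExecuteW's lpFile and
// lpParameters, which is the separation the review describes.
bool launchOnWindows(const LaunchRequest& r) {
    if (!r.ok) return false;
    std::wstring target(r.target.begin(), r.target.end());
    std::wstring params(r.parameters.begin(), r.parameters.end());
    HINSTANCE h = ShellExecuteW(nullptr, L"open", target.c_str(), params.c_str(),
                                nullptr, SW_SHOWNORMAL);
    return reinterpret_cast<INT_PTR>(h) > 32;  // documented success threshold
}
#endif
```

Feeding the same URL through both builders shows the difference: the flat string splits into three tokens (the executable, the URL, and a stray switch), while the separated request keeps the executable fixed and the whole URL inside one parameter. The same reasoning applies to the IApplicationActivationManager path the comment mentions, where the app model id plays the role of the fixed target.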