Closed
Bug 883322
Opened 12 years ago
Closed 12 years ago
Medium integrity DLL Hijacking - Thunderbird and SeaMonkey Full installer
Categories
(MailNews Core :: Build Config, defect)
Tracking
(b2g18 unaffected, thunderbird22 wontfix, thunderbird23+ fixed, thunderbird-esr17 unaffected, seamonkey2.18 wontfix, seamonkey2.19 wontfix, seamonkey2.20 fixed, seamonkey2.21 affected)
RESOLVED
FIXED
Thunderbird 24.0
Flag | Tracking | Status
---|---|---
b2g18 | --- | unaffected |
thunderbird22 | --- | wontfix |
thunderbird23 | + | fixed |
thunderbird-esr17 | --- | unaffected |
seamonkey2.18 | --- | wontfix |
seamonkey2.19 | --- | wontfix |
seamonkey2.20 | --- | fixed |
seamonkey2.21 | --- | affected |
People
(Reporter: Callek, Assigned: robert.strong.bugs)
References
Details
(Keywords: csectype-priv-escalation, sec-moderate)
Attachments
(1 file)
patch (160.44 KB) | Callek: review+ | standard8: approval-comm-aurora+
+++ This bug was initially created as a clone of Bug #883165 +++
+++ This bug was initially created as a clone of Bug #811557 which was initially created as a clone of Bug #792106 +++
Specifically (from bug 811557 comment #42)
Windows 8 x64:
C:\Windows\SysWOW64\oleacc.dll <- CMD.EXE was launched in MEDIUM integrity
Windows XP Pro SP2 x64:
C:\WINDOWS\SysWOW64\apphelp.dll <- Several CMD.EXE were launched (not sure what integrity level)
Full results are being added here as we test:
https://intranet.mozilla.org/User:Ahughes@mozilla.com/DLL_Hijacking
Reporter
Updated • 12 years ago
Group: core-security
Assignee
Updated • 12 years ago
Assignee: nobody → robert.bugzilla
Status: NEW → ASSIGNED
Assignee
Comment 1 • 12 years ago
Attachment #762891 - Flags: review?(bugspam.Callek)
Reporter
Comment 2 • 12 years ago
Comment on attachment 762891
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx
Review of attachment 762891:
-----------------------------------------------------------------
I don't know a good way to verify the binary, but memory serves that we just use(d) the Firefox-created binary with no issues, so r+ based on that understanding.
Attachment #762891 - Flags: review?(bugspam.Callek) → review+
Assignee
Comment 3 • 12 years ago
Pushed to comm-central
https://hg.mozilla.org/comm-central/rev/dfe341a46e21
This should probably be pushed to other branches as well when bug 883165 is pushed to other branches, though I'd prefer to not shepherd it to those branches.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 4 • 12 years ago
Thanks for the patch, looks good :)
Reporter
Comment 5 • 12 years ago
Comment on attachment 762891
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx
I can't officially mark this component approval+ but approval+=me for landing on comm-aurora
Attachment #762891 - Flags: approval-comm-aurora?
Updated • 12 years ago
Attachment #762891 - Flags: approval-comm-aurora? → approval-comm-aurora+
Updated • 12 years ago
status-thunderbird24: affected → ---
tracking-thunderbird24: ? → ---
Target Milestone: --- → Thunderbird 24.0
Comment 6 • 12 years ago
Updated • 11 years ago
status-b2g18: --- → unaffected
Updated • 9 years ago
Group: core-security → core-security-release
Updated • 9 years ago
Group: core-security-release