Closed Bug 883322 Opened 7 years ago Closed 7 years ago

Medium integrity DLL Hijacking - Thunderbird and SeaMonkey Full installer

Categories

(MailNews Core :: Build Config, defect)

x86_64
Windows 7
defect
Not set

Tracking

(b2g18 unaffected, thunderbird22 wontfix, thunderbird23+ fixed, thunderbird-esr17 unaffected, seamonkey2.18 wontfix, seamonkey2.19 wontfix, seamonkey2.20 fixed, seamonkey2.21 affected)

RESOLVED FIXED
Thunderbird 24.0
Tracking Status
b2g18 --- unaffected
thunderbird22 --- wontfix
thunderbird23 + fixed
thunderbird-esr17 --- unaffected
seamonkey2.18 --- wontfix
seamonkey2.19 --- wontfix
seamonkey2.20 --- fixed
seamonkey2.21 --- affected

People

(Reporter: Callek, Assigned: rstrong)

References

Details

(Keywords: csectype-priv-escalation, sec-moderate)

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #883165 +++

+++ This bug was initially created as a clone of Bug #811557 which was initially created as a clone of Bug #792106 +++

Specifically (from bug 811557 comment #42)
Windows 8 x64:
C:\Windows\SysWOW64\oleacc.dll <- CMD.EXE was launched in MEDIUM integrity

Windows XP Pro SP2 x64:
C:\WINDOWS\SysWOW64\apphelp.dll <- Several CMD.EXE where launched (not sure what integrity level)

Full results are being added here as we test:
https://intranet.mozilla.org/User:Ahughes@mozilla.com/DLL_Hijacking
Group: core-security
Assignee: nobody → robert.bugzilla
Status: NEW → ASSIGNED
Comment on attachment 762891 [details] [diff] [review]
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx

Review of attachment 762891 [details] [diff] [review]:
-----------------------------------------------------------------

I don't know a good way to verify the binary, but memory serves that we just use(d) the firefox created binary with no issues. so r+ based on that understanding.
Attachment #762891 - Flags: review?(bugspam.Callek) → review+
Pushed to comm-central
https://hg.mozilla.org/comm-central/rev/dfe341a46e21

This should probably be pushed to other branches as well when bug 883165 is pushed to other branches though I'd prefer to not shepard it to those branches.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Thanks for the patch, looks good :)
Comment on attachment 762891 [details] [diff] [review]
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx

I can't officially mark this component approval+ but approval+=me for landing on comm-aurora
Attachment #762891 - Flags: approval-comm-aurora?
Attachment #762891 - Flags: approval-comm-aurora? → approval-comm-aurora+
Target Milestone: --- → Thunderbird 24.0
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.