Medium integrity DLL Hijacking - Thunderbird and SeaMonkey Full installer

RESOLVED FIXED in Thunderbird 24.0

Status

MailNews Core
Build Config
RESOLVED FIXED
4 years ago
a year ago

People

(Reporter: Callek, Assigned: rstrong)

Tracking

({csectype-priv-escalation, sec-moderate})

unspecified
Thunderbird 24.0
x86_64
Windows 7

Firefox Tracking Flags

(b2g18 unaffected, thunderbird22 wontfix, thunderbird23+ fixed, thunderbird-esr17 unaffected, seamonkey2.18 wontfix, seamonkey2.19 wontfix, seamonkey2.20 fixed, seamonkey2.21 affected)

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
+++ This bug was initially created as a clone of Bug #883165 +++

+++ This bug was initially created as a clone of Bug #811557 which was initially created as a clone of Bug #792106 +++

Specifically (from bug 811557 comment #42)
Windows 8 x64:
C:\Windows\SysWOW64\oleacc.dll <- CMD.EXE was launched in MEDIUM integrity

Windows XP Pro SP2 x64:
C:\WINDOWS\SysWOW64\apphelp.dll <- Several CMD.EXE were launched (not sure what integrity level)

Full results are being added here as we test:
https://intranet.mozilla.org/User:Ahughes@mozilla.com/DLL_Hijacking
(Reporter)

Updated

4 years ago
Group: core-security
Assignee: nobody → robert.bugzilla
Status: NEW → ASSIGNED
Created attachment 762891
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx
Attachment #762891 - Flags: review?(bugspam.Callek)
(Reporter)

Comment 2

4 years ago
Comment on attachment 762891
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx

Review of attachment 762891:
-----------------------------------------------------------------

I don't know a good way to verify the binary, but memory serves that we just use(d) the Firefox-created binary with no issues, so r+ based on that understanding.
Attachment #762891 - Flags: review?(bugspam.Callek) → review+
Pushed to comm-central
https://hg.mozilla.org/comm-central/rev/dfe341a46e21

This should probably be pushed to other branches as well when bug 883165 is pushed to other branches, though I'd prefer to not shepherd it to those branches.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Thanks for the patch, looks good :)
(Reporter)

Comment 5

4 years ago
Comment on attachment 762891
patch rev1 - updated SeaMonkey and Thunderbird 7zSD.sfx

I can't officially mark this component approval+ but approval+=me for landing on comm-aurora
Attachment #762891 - Flags: approval-comm-aurora?
Attachment #762891 - Flags: approval-comm-aurora? → approval-comm-aurora+
status-thunderbird24: affected → ---
tracking-thunderbird23: ? → +
tracking-thunderbird24: ? → ---
Target Milestone: --- → Thunderbird 24.0
https://hg.mozilla.org/releases/comm-aurora/rev/717c4e2c623c
status-seamonkey2.20: affected → fixed
status-thunderbird23: affected → fixed
status-b2g18: --- → unaffected

Updated

2 years ago
Group: core-security → core-security-release
Group: core-security-release