Closed Bug 985059 Opened 10 years ago Closed 7 years ago

Check for DLL injection with stub installer

Categories

(Firefox :: Installer, defect)

x86
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1361326

People

(Reporter: kjozwiak, Unassigned)

References

Details

(Keywords: csectype-priv-escalation, sec-audit)

Attachments

(5 files, 1 obsolete file)

This issue is the exact same as Bug #945192 but will concentrate on the unknown DLLs that are being loaded while installing Firefox via the regular installer. Current progress can be found here:

https://intranet.mozilla.org/User:Kjozwiak@mozilla.com/DLL_Hijacking_via_StubInstaller
OS: Windows Phone 7 → Windows 7
Component: Application Update → Installer
Product: Toolkit → Firefox
Comment #0 meant to say "loaded while installing Firefox via the regular Stub Installer"
Summary: The updater.exe loads the bcrypt.dll from the working directory (Stub Installer) → Check for DLL injection with stub installer
Quick Update:

- Installed all the needed Win OSes (both x64 and x86 versions)
- Went through each OS and listed all the unknown DLLs (went through this process twice to make sure nothing was missing)
- Once the entire unknown DLL list was created, went through each OS one more time to make sure nothing was missed
- Beginning to create the exploit DLLs using the utility/process mentioned in bug #945192 comment #10 (will be adding those steps in the wiki for future reference)
Kamil, has there been any progress here? Is there ongoing testing, or are you waiting for feedback from a developer? We'd like to know what's actionable here. Thanks.
Flags: needinfo?(kamiljoz)
Matt,

This is basically the same issue as bug #945192 but I split the work into three different tickets (Installer, Updater, Stub Installer) rather than adding it all into one giant ticket (there's a lot of information and DLLs). As per Bug #945192 comment #17, I plan on finishing this up at the end of next week. I'm just finishing up some things with telemetry experiments.

I have the environment/tools installed and just need to start creating the proxy DLLs and seeing if I can reproduce the issue with those unknown DLLs. (I'll update the ticket/wikis accordingly)
Flags: needinfo?(kamiljoz)
Current Progress:

* Windows XP SP3 x86 [FOUND 0 DLLs]
* Windows XP SP2 x64 [Found 1 POSSIBLE DLL]
* Windows Vista x86 [FOUND 1 DLL & 1 CRASH]
* Windows Vista x64 [FOUND 1 DLL & 1 CRASH]
* Windows 7 x86 [FOUND 1 DLL]
* Windows 7 x64 [FOUND 1 DLL]
Finished going through the entire list of unknown DLLs; affected DLLs are highlighted in bold and listed in the intra wiki from comment #0.
Attached file Win 8.1 DLL's (x86 & x64) (obsolete) —
Added an incorrect DLL into the 7zip file earlier; this one is the correct version.
Attachment #8413298 - Attachment is obsolete: true
We have a blanket fix for this type of issue in review on updater now. We'll likely use that in installer code after that is done. Still a ways off, but just giving an update.
Group: core-security → firefox-core-security
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security