Question

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

"Content-Type" header code execution

5 răspunsuri
1 are această problemă
14 vizualizări
Ultimul răspuns de jscher2000 - Support Volunteer

acum 2 ani

cobbfan221

02.02.2022, 05:35

We are looking to find a fix for the code execution bug found in May of 2021:

Mozilla Firefox is vulnerable to code execution by a remote attacker who can convince a user to open a malicious file. By manipulating the "Content-Type" header of a file the attacker can cause Firefox to execute scripts concealed in files that appear to be of non-executable types.

We are looking to find a fix for the code execution bug found in May of 2021: Mozilla Firefox is vulnerable to code execution by a remote attacker who can convince a user to open a malicious file. By manipulating the "Content-Type" header of a file the attacker can cause Firefox to execute scripts concealed in files that appear to be of non-executable types.

Soluție aleasă

If you use my test document you will see that Firefox 96 still works the same way: when the server indicates this combination:

Content-Type: text/html Content-Disposition: attachment; filename=test.jpg

Firefox corrects the file name during the save process from test.jpg to test.jpg.html and you can open it as an HTML page rather than a corrupt JPEG image.

I don't know whether anyone has filed a bug. Normally security researchers would have done that before making a public disclosure but it is hard to search for security bugs.

If you want to file a new bug:

https://bugzilla.mozilla.org/

👍 0

Answer 1 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

02.02.2022, 06:24

Can you link to information about that vulnerability? To prevent a delay in your post appearing, add a space before the .com or .org in your link. (Otherwise, the reply is sent to the link spam moderation queue.)

Answer 2 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

02.02.2022, 06:29

Is it this one? https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/

Answer 3 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

02.02.2022, 06:50

I think this is what they're doing:

https://www.jeffersonscher.com/res/test_jpg.php

Adding screenshot of download dialog:

Modificat în 2 februarie 2022, 08:35:56 -0800 de jscher2000 - Support Volunteer

Answer 4 · 2022-02-02 05:35:18

cobbfan221 Deținătorul întrebării

02.02.2022, 08:16

That was the site I saw about this issue but no official notice or fix which is what is needed.

Answer 5 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

02.02.2022, 08:30

Soluție aleasă

If you use my test document you will see that Firefox 96 still works the same way: when the server indicates this combination:

Content-Type: text/html Content-Disposition: attachment; filename=test.jpg

Firefox corrects the file name during the save process from test.jpg to test.jpg.html and you can open it as an HTML page rather than a corrupt JPEG image.

I don't know whether anyone has filed a bug. Normally security researchers would have done that before making a public disclosure but it is hard to search for security bugs.

If you want to file a new bug:

https://bugzilla.mozilla.org/

Caută ajutor

"Content-Type" header code execution

Soluție aleasă

Toate răspunsurile (5)

Soluție aleasă

Explore by product

Explore by topic

Navighează după produs

Browse all forum threads by topic

Get help with

Caută ajutor

"Content-Type" header code execution

Soluție aleasă

Toate răspunsurile (5)

Soluție aleasă