Question

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

"Content-Type" header code execution

5 àwọn èsì
1 ní ìṣòro yìí
25 views
Èsì tí ó kẹ́hìn lọ́wọ́ jscher2000 - Support Volunteer

2 àwọn ọdún sẹ́hìn

cobbfan221

2/2/2022 5:35

We are looking to find a fix for the code execution bug found in May of 2021:

Mozilla Firefox is vulnerable to code execution by a remote attacker who can convince a user to open a malicious file. By manipulating the "Content-Type" header of a file the attacker can cause Firefox to execute scripts concealed in files that appear to be of non-executable types.

We are looking to find a fix for the code execution bug found in May of 2021: Mozilla Firefox is vulnerable to code execution by a remote attacker who can convince a user to open a malicious file. By manipulating the "Content-Type" header of a file the attacker can cause Firefox to execute scripts concealed in files that appear to be of non-executable types.

Ọ̀nà àbáyọ tí a yàn

If you use my test document you will see that Firefox 96 still works the same way: when the server indicates this combination:

Content-Type: text/html Content-Disposition: attachment; filename=test.jpg

Firefox corrects the file name during the save process from test.jpg to test.jpg.html and you can open it as an HTML page rather than a corrupt JPEG image.

I don't know whether anyone has filed a bug. Normally security researchers would have done that before making a public disclosure but it is hard to search for security bugs.

If you want to file a new bug:

https://bugzilla.mozilla.org/

👍 0

Answer 1 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

2/2/2022 6:24

Can you link to information about that vulnerability? To prevent a delay in your post appearing, add a space before the .com or .org in your link. (Otherwise, the reply is sent to the link spam moderation queue.)

Answer 2 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

2/2/2022 6:29

Is it this one? https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/

Answer 3 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

2/2/2022 6:50

I think this is what they're doing:

https://www.jeffersonscher.com/res/test_jpg.php

Adding screenshot of download dialog:

Ti ṣàtúnṣe 2 Èrèl 2022 8:35:56 -0800 nípa jscher2000 - Support Volunteer

Answer 4 · 2022-02-02 05:35:18

cobbfan221 Ìbéèrè olóhun

2/2/2022 8:16

That was the site I saw about this issue but no official notice or fix which is what is needed.

Answer 5 · 2022-02-02 05:35:18

jscher2000 - Support Volunteer

Top 10 Contributor

2/2/2022 8:30

Ọ̀nà àbáyọ Tí a Yàn

If you use my test document you will see that Firefox 96 still works the same way: when the server indicates this combination:

Content-Type: text/html Content-Disposition: attachment; filename=test.jpg

Firefox corrects the file name during the save process from test.jpg to test.jpg.html and you can open it as an HTML page rather than a corrupt JPEG image.

I don't know whether anyone has filed a bug. Normally security researchers would have done that before making a public disclosure but it is hard to search for security bugs.

If you want to file a new bug:

https://bugzilla.mozilla.org/

Search Support

"Content-Type" header code execution

Ọ̀nà àbáyọ tí a yàn

All Replies (5)

Ọ̀nà àbáyọ Tí a Yàn

Béèrè Ìbéèrè

Explore Our Help Articles

Mozilla Account

Search Support

"Content-Type" header code execution

Ọ̀nà àbáyọ tí a yàn

All Replies (5)

Ọ̀nà àbáyọ Tí a Yàn