Closed
Bug 779406
Opened 12 years ago
Closed 12 years ago
Remove code evaluating in consoles
Categories
(DevTools :: Console, defect)
DevTools
Console
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 664589
People
(Reporter: brandonskypimenta, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.1) Gecko/20100101 Firefox/6.0.1
Build ID: 20110830092941
Steps to reproduce:
The Evaluator should be removed from the Error Console (EC) and Web Console (WC), which is vulnerable to a critical security exploit that allows an attacker to run arbitrary code on a 3rd-party server.
For example, an attacker can run arbitary code such as this:
var target="127.0.0.1"; hack(target); shutdown(target);
This security exploit should be resolved as soon as possible.
Actual results:
The Evaluator is still on the consoles. This evaluator should be removed per the description.
Expected results:
The Evaluator should not be on any consoles anymore.
Reporter | ||
Updated•12 years ago
|
Severity: normal → critical
Reporter | ||
Updated•12 years ago
|
Component: Untriaged → Developer Tools: Console
OS: Mac OS X → All
Hardware: x86 → All
Comment 1•12 years ago
|
||
How many entities are involved in your scenario, three (attacker, user, server) or two (attacker/user and server)? Are you proposing a way for a remote attacker to compromise the user? If so we'll need more information.
If the user -is- the attacker then the server needs to be robust against that situation in any case: the internet is a hostile place. The code running abilities of the console are no different than add-ons or a custom client could do.
Comment 2•12 years ago
|
||
There's also the case of "socially engineered malware", such as the cases where people convince e.g. facebook users to run a javascript: url in the address bar. That was common enough that we removed that feature, and we discussed the possibility that attackers will switch the attacks to developer tools. We are monitoring that situation. If that is what this bug is about it is a dupe of an earlier bug.
Updated•12 years ago
|
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Reporter | ||
Comment 3•12 years ago
|
||
Reopening
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
Updated•12 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•