Mozilla Firefox Extensions manager extension-name vulnerability

Vulnerability ID: 1192456    Vulnerability type: Unknown
Published: 2006-12-15    Updated: 2006-12-15
CVE ID: CVE-2006-6585    CNNVD-ID: CNNVD-200612-368
Platform: N/A    CVSS score: 6.4
|Vulnerability source
https://www.securityfocus.com/bid/87251
https://cxsecurity.com/issue/WLB-2006120114
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-368
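|Vulnerability details
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions. An attacker can build a self-hiding extension by finding the extension's name in the list and then calling RemoveElement.
|Vulnerability exploit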
Background
----------
Firefox is a very popular and secure web browser. Until now, it is used by
millions of people and thousands of internet clubs. One of the great features of
Firefox is extensions. You can use them to create things inside your browser
which are beyond your imagination.

Overview
--------
Every Firefox extension developer knows the 'hidden' property of the 'install
manifest'. This property can be used to hide _globally_ installed extensions and
it can't hide extensions that are only local (this is a design feature so the
extensions installed by users can't be hidden). But it is not known that this
can be easily bypassed.

Did you know that you can't trust what the Extensions manager is saying? For
detailed information look at the function 'hide_me()' in the file
'src/chrome/content/ffsniff/ffsniffOverlay_orig.js' of my PoC.

Proof of Concept
----------------
As a PoC I updated my Firefox sniffer extension (FFsniFF) so now it has the
ability to hide itself. You can download it here:
http://azurit.gigahosting.cz/ffsniff/

The new version (0.2) was tested _only_ with Firefox 2.0 (both Linux and
Windows).

FFsniFF is a simple Firefox extension, which transforms your browser into an
HTML form sniffer. Every time the user clicks the 'Submit' button, FFsniFF will
try to find a non-blank password field in the form. If it's found, the entire
form (also with the URL) is sent to the specified e-mail address. It also has
the ability to hide itself from the 'Extensions manager'.

Solution
--------
There's no solution for this problem at this time.

azurIt, azurIt@IRCnet, azurit (at) pobox (dot) sk
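
Because the advisory's point is that the Extensions manager window cannot be trusted, a defender can enumerate extensions from disk instead of from the UI. The following is an added example, not code from the advisory, the PoC or Mozilla; it assumes profile extensions are unpacked as `<profile>/extensions/<id>/install.rdf`, and `listed_names` (the names a reviewer copied from the manager window), the function names and the sample manifests are constructed for illustration.

```python
import os, tempfile
import xml.etree.ElementTree as ET
EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"

def read_manifest(path):
    """Read em:id, em:name, em:hidden (child element or attribute form)."""
    info = {"id": None, "name": None, "hidden": None}
    for desc in ET.parse(path).getroot().iter(RDF + "Description"):
        about = desc.get("about") or desc.get(RDF + "about")
        if about != "urn:mozilla:install-manifest":
            continue
        for key in info:
            value = desc.findtext(EM + key) or desc.get(EM + key)
            info[key] = value.strip() if value else info[key]
    info["hidden"] = (info["hidden"] or "").lower() == "true"
    return info

def audit_profile(ext_dir, listed_names):
    """Return (id, name, reason) for on-disk extensions that need review."""
    findings = []
    for entry in sorted(os.listdir(ext_dir)):
        manifest = os.path.join(ext_dir, entry, "install.rdf")
        if not os.path.isfile(manifest):
            continue
        info = read_manifest(manifest)
        ext_id, name = info["id"] or entry, info["name"] or entry
        if name not in listed_names:
            findings.append((ext_id, name, "on disk, not shown by manager"))
        elif info["hidden"]:
            findings.append((ext_id, name, "manifest sets em:hidden"))
    return findings

def build_sample_profile():
    """Constructed sample data: three extension folders, two manifest styles."""
    head = ('<RDF xmlns="%s" xmlns:em="%s"><Description about='
            '"urn:mozilla:install-manifest"' % (RDF[1:-1], EM[1:-1]))
    elem = '><em:id>{0}</em:id><em:name>{1}</em:name></Description></RDF>'
    attr = ' em:id="{0}" em:name="{1}" em:hidden="true"/></RDF>'
    ext_dir = tempfile.mkdtemp()
    for letter, body in (("A", elem), ("B", elem), ("C", attr)):
        folder = os.path.join(ext_dir, letter.lower() + "@example.invalid")
        os.makedirs(folder)
        with open(os.path.join(folder, "install.rdf"), "w") as fh:
            fh.write(head + body.format(os.path.basename(folder), "Sample " + letter))
    return ext_dir

if __name__ == "__main__":
    print(audit_profile(build_sample_profile(), {"Sample A", "Sample C"}))
```

Run it against a copy of the profile taken while Firefox is closed, so the result does not depend on anything the running browser reports.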
|Affected products
Mozilla Firefox 3.0 Mozilla Firefox 2.0
|References

Source: BUGTRAQ
Name: 20061210 Firefox 2.0 security bug: Extensions can hide themself
Link: http://www.securityfocus.com/archive/1/archive/1/454058/100/0/threaded
Source: SREASON
Name: 2046
Link: http://securityreason.com/securityalert/2046
Source: MISC
Link: http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz