17-Year-Old Bug in Firefox Allows Local File Theft Attacks
CYBER NEWS


Security researcher Barak Tawily recently came across a 17-year-old security vulnerability in the latest version of Mozilla Firefox. It turns out that the very popular browser is vulnerable to local file theft attacks on any operating system.




Vulnerability in Firefox Allows Local Files Theft

The attack is possible due to improper implementation of the Same Origin Policy for file scheme URLs, the researcher says. There is also a proof-of-concept for the attack. The vulnerability is yet to be patched.

In other words, the vulnerability would allow attackers to steal files stored on the user’s computer. The attack leverages the way the Firefox browser implements the Same Origin Policy for “file://” scheme URIs (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.
The researcher shared a complete attack scenario based on this vulnerability:

1. Attacker sends email to victim with attachment file to be downloaded / Victim browses to malicious website and downloads file
2. The victim opens the malicious HTML file
3. The file loads the containing folder in an iframe (so my file path is file:///home/user/-malicious.html, and the iframe source will be file:///home/user/)
4. The victim thinks he clicks on a button on the malicious HTML, but in fact he is clicking on the malicious HTML file inside the iframe’s directory listing (using ClickJacking technique, in order to apply the “context switching bug” which allows me to access the directory listing of my containing folder)
5. The malicious iframe now has escalated privileges and is able to read any file in the folder that contains the malicious file (in most cases the downloads folder, in my case file:///home/user/).
6. The malicious file is able to read any file in its containing folder (file:///home/user/), such as SSH private key by simply fetching the URL file:///home/user/.ssh/ida_rsa and stealing any file by 1 more fetch request to the attacker’s malicious website with the files’ content.
7. The attacker gains all files in the folder containing the malicious file by exploiting this vulnerability

The researcher believes that the issue stems from the web origin concept RFC which is not describing a well-defined implementation of SOP for file scheme URLs.


Tawily was curious to see for how long Firefox has been ignoring complaints without doing anything about the “insecure approach”. To his own surprise, he managed to get hold of a bug quite similar to this vulnerability (except for the directory listing context switch bug). The similar bug had already been reported 17 years ago.

Tawily reported his findings to Mozilla, who responded that this was a “duplicate report”, adding that “the specification of the Same Origin Policy is unclear here. Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders”.
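The folder-scoped rule Mozilla describes can be modelled to check which local files fall within reach of an HTML file opened from a given location. This is an added example, not code from the article, the researcher or Mozilla; the function names and the sample paths other than those quoted above are constructed.

```javascript
// Model of the file:// rule quoted on this page, not Firefox source code.
// Rule as stated: a file:// document may access files in its own folder and subfolders.

// Return the normalized, decoded path of a file:// URL, or null for anything else.
function filePath(urlString) {
  try {
    const url = new URL(urlString);
    if (url.protocol !== "file:") return null;
    // The URL parser has already collapsed "." and ".." segments (also %2e forms).
    return decodeURIComponent(url.pathname);
  } catch {
    return null; // unparsable URL or malformed percent-encoding
  }
}

// Folder that contains the document, always ending in "/".
function containingFolder(docUrl) {
  const p = filePath(docUrl);
  return p === null ? null : p.slice(0, p.lastIndexOf("/") + 1);
}

// True when the described rule would let docUrl read targetUrl.
function sameFolderRuleAllows(docUrl, targetUrl) {
  const folder = containingFolder(docUrl);
  const target = filePath(targetUrl);
  if (folder === null || target === null) return false;
  // The trailing "/" on folder stops /home/user/ from matching /home/user2/.
  return target.startsWith(folder);
}

// Audit helper: which of the listed files are in scope of a saved HTML file?
function exposedFiles(docUrl, sensitiveUrls) {
  return sensitiveUrls.filter((u) => sameFolderRuleAllows(docUrl, u));
}

// Constructed sample inventory for a hypothetical account "user".
const SENSITIVE = [
  "file:///home/user/.ssh/ida_rsa",
  "file:///home/user/Downloads/statement.pdf",
  "file:///home/user2/.ssh/ida_rsa",
];

console.log(exposedFiles("file:///home/user/malicious.html", SENSITIVE));
console.log(exposedFiles("file:///home/user/Downloads/malicious.html", SENSITIVE));
```

The two calls show how the exposure shrinks when downloaded HTML is opened from a dedicated folder rather than from the home directory.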


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys “Mr. Robot” and fears “1984”. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
