[VIM] Is the Firefox PAC eval issue really a vulnerability?

Steven M. Christey coley at mitre.org
Wed Sep 28 13:30:37 EDT 2005


I noticed that most VDBs have decided to create an entry for the
Firefox PAC eval crash:

  https://bugzilla.mozilla.org/show_bug.cgi?id=302100

While this issue was prominently listed under the "security and
stability" section of the release notes for 1.0.7, I wonder if it
qualifies as a security issue.

Based on my very minimal understanding of browsers, it seems that most
PAC scripts would come from a trusted source, e.g. an organization's
IT department, and this trust is essential for proper operation of the
browser (how else would a client know which proxies to use?)  In
addition, it seems that the PAC format is in JavaScript, thus the
provider of the PAC can already do various DoS attacks and probably
other things since I'd imagine the PAC is processed with some sort of
privileges.  So it seems like the eval DoS isn't giving the PAC
provider anything that they don't already have, and security
boundaries aren't crossed, and it's not a security issue.

Thoughts or corrections?

By necessity I've created CAN-2005-3089 but included a disclaimer that
this might not be a security issue.

- Steve

