author | Mark H Weaver <mhw@netris.org> | 2024-11-27 05:43:54 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2024-11-27 05:43:54 -0500 |
commit | f51d53cf8e009dcec345c16f4f20b31931cb03de (patch) | |
tree | 3ea07e4dbb08ecfa0a07d66056827a263a65a1c6 /data | |
parent | 21732b4ee88ac55f266cc1e83f2c98514eba9ae9 (diff) |
Fix CVE-2024-11693.
* data/patches/CVE-2024-11693.patch: New file.
Diffstat (limited to 'data')
-rw-r--r-- | data/patches/CVE-2024-11693.patch | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/data/patches/CVE-2024-11693.patch b/data/patches/CVE-2024-11693.patch
new file mode 100644
index 0000000..6bb997a
--- /dev/null
+++ b/data/patches/CVE-2024-11693.patch
@@ -0,0 +1,98 @@
+Fixes CVE-2024-11693 (Download Protections were bypassed by .library-ms files on Windows)
+Copied from <https://hg.mozilla.org/releases/mozilla-esr128/rev/e983e8a66e515a2e32497cec1b3ccf439396dadc>
+
+# HG changeset patch
+# User Marco Bonardo <mbonardo@mozilla.com>
+# Date 1730555916 0
+# Node ID e983e8a66e515a2e32497cec1b3ccf439396dadc
+# Parent 893b0489efa4b18355ea91113c28bf7c731a2749
+Bug 1921458. a=dmeehan
+
+Original Revision: https://phabricator.services.mozilla.com/D226775
+
+Differential Revision: https://phabricator.services.mozilla.com/D227221
+
+diff --git a/toolkit/components/reputationservice/ApplicationReputation.cpp b/toolkit/components/reputationservice/ApplicationReputation.cpp
+--- a/toolkit/components/reputationservice/ApplicationReputation.cpp
++++ b/toolkit/components/reputationservice/ApplicationReputation.cpp
+@@ -286,16 +286,17 @@ const char* const ApplicationReputationS
+ #endif
+ //".job", // Windows
+ //".jpg",
+ //".jpeg",
+ //".js", exec // JavaScript script
+ //".jse", exec // JScript
+ ".ksh", // Linux shell
+ //".lha",
++ //".library-ms", exec // Windows
+ //".lnk", exec // Windows
+ ".local", // Windows
+ //".lpaq1",
+ //".lpaq5",
+ //".lpaq8",
+ //".lzh",
+ //".lzma",
+ //".mad", exec // MS Access
+diff --git a/toolkit/components/reputationservice/test/gtest/TestExecutableLists.cpp b/toolkit/components/reputationservice/test/gtest/TestExecutableLists.cpp
+--- a/toolkit/components/reputationservice/test/gtest/TestExecutableLists.cpp
++++ b/toolkit/components/reputationservice/test/gtest/TestExecutableLists.cpp
+@@ -116,16 +116,17 @@ static const char* const kTestFileExtens
+ ".isp", // IIS config
+ ".jar", // Java
+ #ifndef MOZ_ESR
+ ".jnlp", // Java
+ #endif
+ ".js", // JavaScript script
+ ".jse", // JScript
+ ".ksh", // Linux shell
++ ".library-ms", // Windows Library Files
+ ".lnk", // Windows
+ ".local", // Windows
+ ".mad", // MS Access
+ ".maf", // MS Access
+ ".mag", // MS Access
+ ".mam", // MS Access
+ ".manifest", // Windows
+ ".maq", // MS Access
+diff --git a/xpcom/io/nsLocalFileCommon.cpp b/xpcom/io/nsLocalFileCommon.cpp
+--- a/xpcom/io/nsLocalFileCommon.cpp
++++ b/xpcom/io/nsLocalFileCommon.cpp
+@@ -67,16 +67,17 @@ const char* const sExecutableExts[] = {
+ ".ins",
+ ".isp",
+ ".jar", // java application bundle
+ #ifndef MOZ_ESR
+ ".jnlp",
+ #endif
+ ".js",
+ ".jse",
++ ".library-ms", // Windows Library Files
+ ".lnk",
+ ".mad", // Access Module Shortcut
+ ".maf", // Access
+ ".mag", // Access Diagram Shortcut
+ ".mam", // Access Macro Shortcut
+ ".maq", // Access Query Shortcut
+ ".mar", // Access Report Shortcut
+ ".mas", // Access Stored Procedure
+diff --git a/xpcom/io/nsLocalFileCommon.h b/xpcom/io/nsLocalFileCommon.h
+--- a/xpcom/io/nsLocalFileCommon.h
++++ b/xpcom/io/nsLocalFileCommon.h
+@@ -3,14 +3,14 @@
+ /* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ #ifndef _NS_LOCAL_FILE_COMMON_H_
+ #define _NS_LOCAL_FILE_COMMON_H_
+
+ #ifdef MOZ_ESR
+-extern const char* const sExecutableExts[108];
++extern const char* const sExecutableExts[109];
+ #else
+-extern const char* const sExecutableExts[109];
++extern const char* const sExecutableExts[110];
+ #endif
+
+ #endif
+
|
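Review bot: The nsLocalFileCommon.h hunk at the end of the new patch file bumps hand-written array lengths (`[108]` to `[109]` under MOZ_ESR, `[109]` to `[110]` otherwise), and those literals must equal the number of entries in the `sExecutableExts[]` initializer in nsLocalFileCommon.cpp on whatever tree this patch is applied to. The patch only applies if the old literals match, but nothing visible here shows that the initializer count on the target tree does, so it is worth building and running the TestExecutableLists gtest after applying. The ApplicationReputation.cpp hunk adds only a commented-out line (`//".library-ms", exec // Windows`), so the behavioural change appears to rest on the `sExecutableExts` entry alone. I would record both in the patch header, for example `Effective change: adds ".library-ms" to sExecutableExts (xpcom/io); the declared length in nsLocalFileCommon.h must stay in sync.`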