Does it change any existing interfaces?.Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?.Explain the significant file formats, names, syntax, and semantics.Does it interoperate with a web service? How will it do so?.Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.).about:sessionrestore is displayed before the user could enter private browsing mode.How are transitions in/out of Private Browsing mode handled?.It is assumed that correctly implementing nsIAboutModule prevents this from happening. Web content must not be able to access about:sessionrestore, as this page contains potentially sensitive data (the whole session) and the possibility to load arbitrary URLs/cookies (needed to selectively restore the session).Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.Shipped default preferences should prevent this from accidentally happening. Wrongly configured prefs will break the SessionStore service as a whole.Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?.What security issues do you address in your project?.Tracking bug 448976 - turn the Session Restore prompt into an error page.
#Sessionrestore firefox upgrade#
Solution Upgrade to Mozilla Firefox version 106.0 or later.About:sessionrestore is the new in-browser page displayed for repeated crashes from which users can choose to (selectively) restore the crashed session. (CVE-2022-42932) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2022-42931) - Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk.
#Sessionrestore firefox password#
(CVE-2022-42930) - Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. (CVE-2022-42929) - If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component. (CVE-2022-42928) - If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. (CVE-2022-42927) - Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-44 advisory.
#Sessionrestore firefox windows#
Description The version of Firefox installed on the remote Windows host is prior to 106.0. Synopsis A web browser installed on the remote Windows host is affected by multiple vulnerabilities.
0 kommentar(er)
