[tbb-bugs] #12736 [Applications/Tor Browser]: DLL hijacking vulnerability in TBB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 29 09:25:10 UTC 2016
#12736: DLL hijacking vulnerability in TBB
------------------------------------------------+--------------------------
Reporter: underdoge | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201608 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by gk):
It seems there is a way to override `SafeDllSearchMode` to make sure that
system32 is always checked first. According to Mozilla folks this can even
be done by using a registry switch:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe
+ setting a QWORD named `MitigationOptions` to (0x1000 0000 0000 0000).
Might be a thing our NSIS script could do if that's the way we want to go?
I have not tested this at all, nor am I sure if that's available on all
Windows versions (maybe this is available just for Windows 10:
https://blogs.msdn.microsoft.com/oldnewthing/20161013-00/?p=94505#comment-1268775
? and https://blogs.msdn.microsoft.com/oldnewthing/20161013-00/?p=94505 in
general for a discussion about the problem)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12736#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
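
An audit check for the registry switch discussed in the comment above, added here as an example and not part of the ticket or of Tor Browser's installer: it decodes `MitigationOptions` from `reg query` output and tests the bit the comment quotes. The function names, the sample output and the handling of a little-endian `REG_BINARY` form of the value are assumptions of this example.

```python
import re

# Bit 60 of the 64-bit mask: the value quoted in the ticket,
# 0x1000 0000 0000 0000 (prefer system32 when loading images).
PREFER_SYSTEM32 = 0x1000_0000_0000_0000

KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
       r"\Image File Execution Options\firefox.exe")

# Constructed samples of `reg query "<KEY>" /v MitigationOptions` output.
SAMPLE_QWORD = KEY + "\n    MitigationOptions    REG_QWORD    0x1000000000000000\n"
# Assumption: a REG_BINARY value holds the mask in little-endian byte order,
# possibly followed by further 64-bit words, which this check ignores.
SAMPLE_BINARY = KEY + "\n    MitigationOptions    REG_BINARY    00000000000000100000000000000000\n"
# Another mitigation bit set, but not the system32 preference.
SAMPLE_OTHER = KEY + "\n    MitigationOptions    REG_QWORD    0x100\n"
SAMPLE_MISSING = "ERROR: The system was unable to find the specified registry key or value.\n"

_VALUE_LINE = re.compile(
    r"^\s*MitigationOptions\s+(REG_QWORD|REG_BINARY)\s+(\S+)\s*$",
    re.MULTILINE | re.IGNORECASE,
)


def parse_mitigation_options(reg_output):
    """Return the low 64 bits of MitigationOptions, or None if it is not set."""
    match = _VALUE_LINE.search(reg_output)
    if match is None:
        return None
    kind, data = match.group(1).upper(), match.group(2)
    if kind == "REG_QWORD":
        return int(data, 16)  # reg.exe prints QWORDs as 0x-prefixed hex
    raw = bytes.fromhex(data)  # REG_BINARY is printed as contiguous hex bytes
    return int.from_bytes(raw[:8], "little")


def prefers_system32(reg_output):
    """True only when the value exists and has the prefer-system32 bit set."""
    value = parse_mitigation_options(reg_output)
    return value is not None and bool(value & PREFER_SYSTEM32)


if __name__ == "__main__":
    for name in ("SAMPLE_QWORD", "SAMPLE_BINARY", "SAMPLE_OTHER", "SAMPLE_MISSING"):
        print(name, prefers_system32(globals()[name]))
```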