Due to a race condition in the handling of the user notification, a system user can be prompted to install an app that the intended system user does not have permission to install. This could lead to malicious apps being installed without the target user's intent. Patch ID: ALPS06219065; Issue ID: ALPS06219065.

Mitigation

Run all software as a non-privileged user.

To confirm that the issue has been resolved, verify that it no longer occurs after the upgrade. If it still occurs, check whether it occurs in the same way on both the upgraded and the downgraded installation; if the behaviour differs, the issue has been incorrectly resolved and should be reported.

Impact

The issue described above could lead to a system privilege escalation with no additional execution privileges needed. Furthermore, because of the user notification race, an unintended system app could be installed that the intended system user does not have permission to install. This could lead to malicious apps being installed without the target user's intent.

CVEs

XSA-114: Privilege Escalation via Missing User Notification

XSS Attack via X-Forwarded-For Header

XSA-105: XSS via Cookie in HTTP GET Request

CVE-2021: System User Can Gain Initial Privilege Escalation

Due to a race condition in the handling of the user notification, a system user can be prompted to install an app that the intended system user does not have permission to install. This could lead to malicious apps being installed without the target user's intent. Patch ID: XSA-114; Issue ID: XSA-114.

Mitigation

Run all software as a non-privileged user.

XSS Auditor (XSS AUDITOR)

Patch ID: ALPS06219065; Issue ID: ALPS06219065.

Mitigation

Run all software as a non-privileged user.

XSS Auditor (XSA-115)

The user notification issue was fixed in XSA-115, which increased the severity of this vulnerability to important. Therefore, this CVE is no longer relevant to management of this vulnerability.

XSS Auditor (XSSAUD)

The XSSAUD (XSS Auditor) is a software module that runs as part of the Firefox browser. It is designed to check whether a web page contains potentially dangerous code, such as XSS attacks. The XSSAUD module takes no action on the site it inspects: it only reports what it finds. The XSSAUD module will produce some false positives, so you should still check every page yourself, or use another tool such as Firebug to investigate the site further before sending it to the XSSAUD.

Timeline

Published on: 02/09/2022 23:15:00 UTC
Last modified on: 02/14/2022 19:53:00 UTC