You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I was able to execute code that would interact with the electron instance via the Mozilla interactive examples iFrames. You can watch an example of this vulnerability on YouTube. This is a common vulnerability involved with Electrons "nodeIntegration" property being set to true. You can read more about the vulnerability on Doyensec's Blog.
How to reproduce
The Mozilla interactive examples run inside an iFrame and allows you to modify and execute JavaScript. I was able to execute code inside the iFrame that would set the parent page of iFrame to a website of my choice. On the website of my choice I wrote JavaScript that would interact with the NodeJS process and execute programs require('child_process').exec().
Hello, I was able to execute code that would interact with the electron instance via the Mozilla interactive examples iFrames. You can watch an example of this vulnerability on YouTube. This is a common vulnerability involved with Electrons "nodeIntegration" property being set to true. You can read more about the vulnerability on Doyensec's Blog.
How to reproduce
The Mozilla interactive examples run inside an iFrame and allows you to modify and execute JavaScript. I was able to execute code inside the iFrame that would set the parent page of iFrame to a website of my choice. On the website of my choice I wrote JavaScript that would interact with the NodeJS process and execute programs
require('child_process').exec()
.Possible ways to fix the vulnerability.
The text was updated successfully, but these errors were encountered: