andreafeccomandi / bibisco

Novel writing software
https://bibisco.com
GNU General Public License v3.0
684 stars 119 forks

Bug: The Bibisco Desktop Application does not properly limit in-app navigation #360

Open masood opened 1 year ago

masood commented 1 year ago

Summary:

The Bibisco Desktop Application does not limit in-app navigation. As a result, the application’s window can be navigated to arbitrary third-party sites, resulting in malicious or potentially harmful domains being loaded within the application context. Additionally, the application enables node integration and disables context isolation – therefore malicious websites can perform remote code execution on the underlying system.

Platform(s) Affected:

All

Steps To Reproduce:

  1. Open the Bibisco Desktop Application from the command-line. Add a command-line switch `--remote-debugging-port=8315` while running the application.

  2. Open a web browser on the same device and visit localhost:8315. The application can be interacted with via the DevTools protocol.

  3. Within the console, update the location, say, `window.location.href = "https://google.com/"`.

  4. The Bibisco application window is navigated to https://google.com/, i.e., away from the application’s intended page.

Credit Information:

- Mir Masood Ali, PhD student, University of Illinois at Chicago
- Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
- Chris Kanich, Associate Professor, University of Illinois at Chicago
- Jason Polakis, Associate Professor, University of Illinois at Chicago
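
A mitigation sketch for the issue reported above, added here as an example and not taken from the bibisco code base: it cancels `will-navigate` and `will-redirect` events whose target leaves the application's own files, denies new windows, and lists `webPreferences` that reverse the node integration and context isolation settings named in the report. `APP_ROOT_URL`, `isInAppUrl`, `lockNavigation` and `SAFE_WEB_PREFERENCES` are hypothetical names, and the assumption that the app loads its UI from a local `file:` directory is mine.

```javascript
// Added example: not bibisco code. APP_ROOT_URL is a constructed placeholder.
const APP_ROOT_URL = 'file:///opt/example-app/app/';

// BrowserWindow webPreferences that reverse the two settings named in the report.
const SAFE_WEB_PREFERENCES = Object.freeze({
  nodeIntegration: false, // page scripts get no require()/process
  contextIsolation: true, // preload and page run in separate JS contexts
  sandbox: true,          // renderer runs in the Chromium sandbox
});

// True only for file: URLs that stay inside the application's own directory.
function isInAppUrl(target, appRootUrl = APP_ROOT_URL) {
  let url;
  try {
    url = new URL(target); // also normalises "../" segments
  } catch {
    return false; // unparsable input is never navigable
  }
  return url.protocol === 'file:' && url.href.startsWith(appRootUrl);
}

// Cancel navigations and redirects that leave the app, and deny new windows.
function lockNavigation(webContents, appRootUrl = APP_ROOT_URL) {
  const guard = (event, url) => {
    if (!isInAppUrl(url, appRootUrl)) event.preventDefault();
  };
  webContents.on('will-navigate', guard);
  webContents.on('will-redirect', guard);
  webContents.setWindowOpenHandler(() => ({ action: 'deny' }));
}

// Assumed wiring in the Electron main process:
//   const win = new BrowserWindow({ webPreferences: SAFE_WEB_PREFERENCES });
//   lockNavigation(win.webContents);
//   win.loadURL(APP_ROOT_URL + 'index.html');
```

With node integration turned off, any Node.js calls the renderer currently makes would have to move behind a preload script that exposes a narrow API.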