496011-1.xhtml Html.Exploit.CVE_2018_8249-6576099-0 FOUND

Post by Lunokhod » 2022-03-31, 01:57

layout/base/crashtests/496011-1.xhtml: Html.Exploit.CVE_2018_8249-6576099-0 FOUND
https://hg.mozilla.org/mozilla-central/rev/1c374190ca92
I ran a scan with clamav on my homedir and happened to have an old copy of the Pale Moon source code hanging about and it got a hit. Boom function! No doubt nothing to worry about in terms of malware, but if it has a suspect signature presumably other anti-virus solutions might take offence at it too. Perhaps you don't even need / use that test. As you've switched from the sacred source code system :clap: I can see you still have that file without needing to download a new copy :D
https://repo.palemoon.org/MoonchildProd ... 11-1.xhtml
So perhaps you might like to know this, if not, sorry to trouble you.

Post by Moonchild » 2022-03-31, 10:21

Why are you virus-scanning the source code? XD
And for that matter, why does a virus scanner include detections on desktop for server-side exploit code?...

Many tests in the tree are from security bugs and based on proof-of-concept reproductions of said bugs so they will undoubtedly have (parts of) exploit code in them, risking false positives.

Also, as a reminder for anyone wanting to report security issues, please do so via PM if you think it might actually impact Pale Moon's security, to prevent unwanted/premature disclosure of a vulnerability.
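
One way to triage scanner output like the hit reported in this thread, as an added example that is not part of the original posts and is not Pale Moon or ClamAV code: it parses `path: Signature FOUND` lines and separates hits on regression-test fixtures inside a source checkout from hits that still need review. The checkout path, the test-directory names and the placeholder signatures are assumptions; only the first sample hit comes from the thread.

```python
import re
from pathlib import PurePosixPath

# Directory names treated as regression-test fixtures (assumption; adjust per tree).
TEST_DIR_PARTS = {"crashtests", "crashtest", "reftests"}

# Matches scanner result lines of the form "path: Signature FOUND".
HIT_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample scan output. The checkout location and the
# Example.Placeholder.* signatures are hypothetical.
SOURCE_ROOT = "/home/user/src/palemoon"
SAMPLE_SCAN = """\
/home/user/notes.txt: OK
/home/user/src/palemoon/layout/base/crashtests/496011-1.xhtml: Html.Exploit.CVE_2018_8249-6576099-0 FOUND
/home/user/src/palemoon/build/tool.js: Example.Placeholder.Signature-1 FOUND
/home/user/Downloads/sample.html: Example.Placeholder.Signature-0 FOUND
"""

def parse_hits(scan_output):
    """Return (path, signature) pairs for every FOUND line."""
    hits = []
    for line in scan_output.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def triage(scan_output, source_root):
    """Split hits into (expected, review).

    expected: file sits under a test-fixture directory inside source_root,
              where proof-of-concept reproductions are likely to match.
    review:   everything else, including non-test files inside the tree.
    The path is only a triage hint; it does not prove a file is benign.
    """
    root = PurePosixPath(source_root)
    expected, review = [], []
    for path, sig in parse_hits(scan_output):
        try:
            rel = PurePosixPath(path).relative_to(root)
        except ValueError:  # hit is outside the source checkout
            review.append((path, sig))
            continue
        in_fixture_dir = any(part in TEST_DIR_PARTS for part in rel.parts[:-1])
        (expected if in_fixture_dir else review).append((path, sig))
    return expected, review
```

Hits in the `expected` list can still be compared against the upstream repository copy of the file before being dismissed.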