Does Bonita represent a security issue regarding "Overflow Event Handing Memory Corruption Vulnerability"?


Hello,

Antivirus is blocking access to Bonita for one of the users. Here is the name of the reason for the blocking according to the antivirus:

Attack Name,HTTP: Mozilla Firefox Overflow Event Handing Memory Corruption Vulnerability

Does Bonita have an open security vulnerability regarding the point above?

Platform:

  • Bonita 7.8.3
  • Firefox 76.0.1 (64bit)

Regards,

Comments

Submitted by romain.bioteau on Wed, 06/10/2020 - 09:31

Hi Ismail,

To my knowledge, there is no known issue on the Bonita side about such an issue. But it is possible that custom code (JavaScript expression or custom widget) can introduce memory issues in the browser.

Are you using custom code in your pages and forms? Which antivirus is detecting the issue?

Submitted by ismail.lagouill... on Wed, 06/17/2020 - 08:24

Thanks for your response!! I'm looking into the possibility of custom code that causes this alert. I'll get back to you as soon as I suspect something in particular.

1 answer


Hello Ismail,
From what I understand, this is a vulnerability that affected (very) old Firefox versions: https://fortiguard.com/encyclopedia/ips/14922/mozilla-products-overflow-...
So since you are using a modern Firefox version, you should be fine, I think. I don't know why your antivirus is reporting something like this...
HTH

Comments

Submitted by emmanuel.duchas... on Mon, 06/15/2020 - 09:56

Ismail says it happens on Firefox 76.0.1, so the source of the issue must be somewhere else...

Submitted by ismail.lagouill... on Wed, 06/17/2020 - 08:28

Thanks for your help, guys!! Indeed, I suspect custom code that could cause this alert. I'll update this thread as soon as I find any suspicious code, whether it's Bonita's or the .bos project's.
