lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Mar 2014 20:54:54 +0200 From: Roee Hay <roeeh@...ibm.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) which reside in that directory, breaking Android's sandbox: 1. (CVE-2014-1516) Profile Directory Name Weak Randomization. 2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log. 3. (CVE-2014-1515) Automatic File Download to SD Card. 4. (CVE-2014-1506) Crash Reporter File Manipulation. The full analysis with exploitation techniques can be found in our whitepaper. Important links: 1. Blog post: http://bit.ly/1drYsZp 2. Whitepaper: http://slidesha.re/1gqiyD3 -Roee
Powered by blists - more mailing lists