lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAA4i3gajgMFQhma14DqyLBOVejJcW=6HLtaZh4eQ6cKMu-OT9A@mail.gmail.com>
Date: Wed, 26 Mar 2014 20:54:54 +0200
From: Roee Hay <roeeh@...ibm.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Firefox for Android Profile Directory Derandomization and Data
 Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

Hi,

We have recently discovered a series of vulnerabilities in Firefox for Android
that allows a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in that directory, breaking Android's
sandbox:

1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.

The full analysis with exploitation techniques can be found in our whitepaper.

Important links:

1. Blog post: http://bit.ly/1drYsZp
2. Whitepaper: http://slidesha.re/1gqiyD3


-Roee

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ