Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30385
HistoryMar 27, 2014 - 12:00 a.m.

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

2014-03-2700:00:00
vulners.com
27

Hi,

We have recently discovered a series of vulnerabilities in Firefox for Android
that allows a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in that directory, breaking Android's
sandbox:

  1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
  2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
  3. (CVE-2014-1515) Automatic File Download to SD Card.
  4. (CVE-2014-1506) Crash Reporter File Manipulation.

The full analysis with exploitation techniques can be found in our whitepaper.

Important links:

  1. Blog post: http://bit.ly/1drYsZp
  2. Whitepaper: http://slidesha.re/1gqiyD3

-Roee

Related for SECURITYVULNS:DOC:30385