Firefox for Android Vulnerabilities: Overtaking Firefox Profiles
We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) which reside in that directory, breaking Android's
sandbox:
1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.
The full analysis with exploitation techniques can be found in our whitepaper.
Important links
1. Blog post: http://bit.ly/1drYsZp
2. Whitepaper: http://slidesha.re/1gqiyD3
sandbox:
1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.
The full analysis with exploitation techniques can be found in our whitepaper.
Important links
1. Blog post: http://bit.ly/1drYsZp
2. Whitepaper: http://slidesha.re/1gqiyD3