Archive for novembre 2015

icon_firefox[CVE 2015-7186] Reading sensitive profile files through local HTML file on Android


Reading sensitive profile files through local HTML file on Android


Announced: November 3, 2015
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 42


Description

Security researcher Jordi Chancel reported an issue in Firefox for Android where
a locally saved HTML file could use file: URIs to trigger the download of
additional files or opening of cached profile data without user awareness.


This issue only affects Firefox for Android. Firefox on other operating systems is not affected.


Vulnerability demonstration (video):

icon_firefox[CVE 2015-7185] Firefox for Android addressbar can be removed after fullscreen mode


Firefox for Android addressbar can be removed after fullscreen mode


Announced: November 3, 2015
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 42


Description

Security researcher Jordi Chancel reported when Firefox
for Android exits fullscreen mode, it can be induce through script to not restore the
addressbar when the window is redrawn in normal mode. This could allow an attacker to
spoof the addressbar with their own content.


This issue only affects Firefox for Android. Firefox on other operating systems is not affected.


Vulnerability demonstration (video):