![]() Using the exploit, an attacker can manipulate the crash report file path to the Android Log file in order to steal it. firefox/files/mozilla/Crash Reports/pending on the device file system. Malicious apps with READ_EXTERNAL_STORAGE permission can read files from the SD card to extract non- renderable data such as the cookies database.Ĥ.) Crash Reporter File Manipulation (CVE-2014-1506) - In cases where the application crashes, Firefox sends the crash dumps located in /data/data/org. In Android version 4.0 and below, installed apps with READ_LOGS permission can easily read Android system logs to identify the name of the Firefox user profile folder.ģ.) Automatic File Download to SD Card (CVE-2014-1515) - Firefox for Android will download any file automatically to the SD card, if not of any known extension.
0 Comments
Leave a Reply. |