Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
Mar 26 2014 06:54PM
Roee Hay (roeeh il ibm com)
We have recently discovered a series of vulnerabilities in Firefox for Android
that allows a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in t...
[ more ]
Copyright 2010, SecurityFocus