Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2014-1507

Source

Mozilla Foundation Security Advisory 2014-25

Firefox OS DeviceStorageFile object vulnerable to relative path escape

Announced

March 18, 2014

Reporter

Ben Turner

Impact

Moderate

Products

Firefox OS

Fixed in

Firefox OS 1.2.2
Firefox OS 1.3

Description

Mozlla developer Ben Turner discovered that the protection against Directory Traversal through the DeviceStorage API was implemented in the wrong process on Firefox OS. If a Firefox OS application with any device-storage permissions were compromised an attacker could escape the media sandbox and potentially read or write any file on the device, depending on the permission level of the application

References

Device Storage - Additional security issue with OOP on FirefoxOS (CVE-2014-1507)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Firefox OS DeviceStorageFile object vulnerable to relative path escape

Firefox OS DeviceStorageFile object vulnerable to relative path escape

Description

References

Vulmon Search

About

Products

Connect