A visit to a crafted webpage would have been enough for a bad guy to munch all your Firefox for Android cookies
2020-11-17 18:33

A crafty person could have slurped every single cookie from a Firefox-using Android device by tricking a user into looking at a specially crafted HTML file.

So found infosec researcher Pedro Oliveira, who discovered a vulnerability in the way Firefox handled local files through content:// URIs that allowed him to remotely retrieve copies of all cookies saved on the device - giving him access to a reasonable estimate of the websites viewed by the device's user.

The exploit worked by convincing the user to visit a specific HTML file.

Ini file, which contains information about the user's Firefox profile as well as the cookies.

Thanks to Firefox's handling of these URIs, Oliveira was able to walk away with a copy of a local file that a remote attacker should not have been capable of accessing through a webpage.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/17/firefox_cookie_theft/

Related vendor

Vulnerabilities in the last 12 months:

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |