[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

137672

 
 

909

 
 

112213

 
 

156

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Android Crash Reporter open to manipulation - mfsa2014-24

ID: oval:org.secpod.oval:def:17156Date: (C)2014-03-20   (M)2020-01-16
Class: PATCHFamily: windows




Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another application, but this vulnerability allowed a malicious application to specify a local file in the Firefox profile and it to its own server leading to information disclosure. The crash reporter can also be invoked in a manner causing an immediate crash of Firefox, leading to a potential denial of service (DOS) attack.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
Mozilla Firefox
Reference:
MFSA 2014-24
CVE-2014-1506
CVE    1
CVE-2014-1506
CPE    218
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:20.0.1
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
...

© SecPod Technologies