Firefox for Android Vulnerability Puts Local Data At Risk

A security vulnerability that has been recently discovered on the Firefox for Android browser puts data that has been stored on an android device as well as that within the browser at risk. Developer Sebastian Guerrero Selma of viaForensics posted a video showing how hackers will be able to access data on the device.

Browsers are complicated applications and locking them down against threats is extremely difficult. The vulnerability of Firefox for Android is triggered when a user navigates to a website that has a malicious javascript code. This will then allow hackers to access the private information stored in the browser (cookies, login credentials, bookmarks) as well as the content of the device SD card. As we all know users store most of their data on the SD card. This may include photos, documents, and videos among others. All of these can be easily accessible by a hacker.

Files are accessed through the standard “file://” URI syntax. Firefox encrypts the data stored in internal storage which is why hackers also introduce a third-party app which gets the encrypted keys stored on the device.

Selma says that he has already notified Mozilla about this vulnerability and that he has sent detailed information on how the exploit is done.

Mozilla has reportedly fixed the exploit on their latest update to the browser however this has to be confirmed yet. Just to make sure it’s best to use other browsers to navigate websites.

via androidpolice


Leave a Reply

Required fields are marked *

PicUntu 4.4.3 Brings Ubuntu Linux To Android Devices Using RK3188 Quad-Core Chips

Leaked Log Files Confirm Core Nexus 5 Specs