Closed
Bug 1138808
(CVE-2015-4494)
Opened 10 years ago
Closed 10 years ago
Permission bypass for Wifi direct system messages
Categories
(Firefox OS Graveyard :: Wifi, defect)
Tracking
(b2g-v1.4 wontfix, b2g-v2.0 fixed, b2g-v2.0M fixed, b2g-v2.1 fixed, b2g-v2.1S fixed, b2g-v2.2 fixed, b2g-master fixed)
RESOLVED
FIXED
2.2 S7 (6mar)
People
(Reporter: pauljt, Assigned: fabrice)
References
Details
(Keywords: sec-moderate, Whiteboard: [b2g-adv-main2.2+])
Attachments
(1 file)
845 bytes, patch | vchang: review+
I'm not sure when WifiDirect was enabled but there appear to be no permission checks on the system messages:
https://dxr.mozilla.org/mozilla-central/source/dom/messages/SystemMessagePermissionsChecker.jsm#127
Unless I'm mistaken, that means any app could listen for these system messages, which is probably a privacy issue? It is documented as requiring the "wifi-manage" permission, but this is not how it is implemented. Marking as secure just in case, but it's publicly documented so not sure how useful that is.
If this is actually an oversight, then this is probably a blocking bug, so marking 2.2?
The sec-rating is a guess, I'm not sure of the actual implication here, it may not actually be too bad.
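An added example (not the patch attached to this bug and not Gecko's actual code) modelling the failure mode described above: a table-driven check in which a message type with no listed permission can be registered by any app, next to the same table with the documented permission attached. The table shape, function names and message names are constructed for illustration; only the "wifi-manage" permission name comes from the report.

```javascript
// Simplified model of a table-driven system message permission check.
// The table shape, function names and message names are constructed for
// illustration; only the "wifi-manage" permission name is from the report.

// Message type -> permissions an app must hold to register for it.
const vulnerableTable = {
  "example-alarm": { "alarms": [] },
  "example-p2p-pairing-request": {}, // no permission listed
};

// Same table with the documented permission attached to the P2P message.
const fixedTable = {
  "example-alarm": { "alarms": [] },
  "example-p2p-pairing-request": { "wifi-manage": [] },
};

// True when an app holding appPermissions may register for msgType.
function mayRegister(table, msgType, appPermissions) {
  if (!Object.prototype.hasOwnProperty.call(table, msgType)) {
    return false; // unknown message types are denied
  }
  const required = Object.keys(table[msgType]);
  // every() on an empty array is true, so an empty entry admits any app.
  return required.every((perm) => appPermissions.has(perm));
}

// Audit helper: list message types that require no permission and are not
// on an explicit allowlist of messages meant to be open to every app.
function findUnguardedMessages(table, publicAllowlist = new Set()) {
  return Object.keys(table).filter(
    (msgType) =>
      Object.keys(table[msgType]).length === 0 &&
      !publicAllowlist.has(msgType)
  );
}

const unprivilegedApp = new Set(); // constructed app with no permissions
const wifiManagerApp = new Set(["wifi-manage"]);
const p2pMsg = "example-p2p-pairing-request";

console.log(mayRegister(vulnerableTable, p2pMsg, unprivilegedApp));
console.log(mayRegister(fixedTable, p2pMsg, unprivilegedApp));
console.log(findUnguardedMessages(vulnerableTable));
```

Running an audit like `findUnguardedMessages` in a test suite turns a forgotten permission entry into a build failure rather than a silent fail-open.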
Comment 1•10 years ago (Assignee)
I think you're right, since we broadcast these system messages (see http://mxr.mozilla.org/mozilla-central/ident?i=PAIRING_REQUEST_SYS_MSG).
Comment 2•10 years ago (Assignee)
Assignee: nobody → fabrice
Attachment #8572057 - Flags: review?(vchang)
Comment 3•10 years ago
Comment on attachment 8572057
wifi-p2p.patch
Review of attachment 8572057:
-----------------------------------------------------------------
Thanks for jumping to this.
Attachment #8572057 - Flags: review?(vchang) → review+
Comment 4•10 years ago (Assignee)
Comment 5•10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
status-b2g-master: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 2.2 S7 (6mar)
Comment 6•10 years ago
Do we need to consider backporting this to any older releases?
Flags: needinfo?(fabrice)
Comment 7•10 years ago (Assignee)
(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #6)
> Do we need to consider backporting this to any older releases?
Would be good, yes. a=me for all branches down to 2.0
Flags: needinfo?(fabrice)
Comment 8•10 years ago
Comment 9•10 years ago
https://hg.mozilla.org/releases/mozilla-b2g34_v2_1s/rev/28ffee0d5b0c
https://hg.mozilla.org/releases/mozilla-b2g32_v2_0m/rev/e89ba447d264
status-b2g-v2.0M: --- → fixed
status-b2g-v2.1S: --- → fixed
Comment 10•10 years ago
CCing bkerensa since he is release managing for ESR and wasn't able to see this.
Comment 11•10 years ago (Assignee)
We don't ship that code in desktop builds.
Updated•10 years ago
Group: core-security
Updated•10 years ago
Group: b2g-core-security
Updated•9 years ago
Whiteboard: [b2g-adv-main2.2+]
Updated•9 years ago
Alias: CVE-2015-4494
Summary: Wifi direct system messages don't require a permission → Permission bypass for Wifi direct system messages
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release