Closed Bug 1491240 Opened 6 years ago Closed 6 years ago

Firefox for Android App China version allow attackers to modify apps without affecting their signature.

Categories

(Firefox Build System :: Android Studio and Gradle Integration, defect)

Product:
Firefox Build System
Component:
Android Studio and Gradle Integration
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1489946

People

(Reporter: Bean3ai, Unassigned)

Details

Attachments

(2 files)

2018-09-14_17-49-58.jpg
50.30 KB, image/jpeg
Details
2018-09-14_17-47-58.jpg
277.72 KB, image/jpeg
Details
Attached image 2018-09-14_17-49-58.jpg
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Steps to reproduce: Checking the Firefox for Android App China version`s signature information, I notice that it is using signature scheme version 1. App`s signature information screenshots attached, Wet can get this App from which http://www.firefox.com.cn/mobile/. (I report this bug because this app`s signature information is different from the Firefox for Android App US version`s)
Attached image 2018-09-14_17-47-58.jpg
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security → mobile-core-security
Product: Firefox for Android → Firefox Build System
Group: mobile-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: