Closed Bug 1600227 Opened 6 years ago Closed 3 years ago

FLAG_SECURE misuse incognito mode

Categories

(Emerging Markets Graveyard :: Security: Firefox Lite, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: mishra.dhiraj95, Unassigned, NeedInfo)

Details

(Keywords: reporter-external)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

The FLAG_SECURE setting was initially introduced as an additional setting to WindowManager.LayoutParams to prevent DRM-protected content from appearing in screenshots, video screencaps or from being viewed on “non-secure displays”.

Firefox Lite for Android does not prevent screenshots from being taken in a private tab or in incognito mode.

As an aside, I verified this with Chrome and Samsung; they prevent taking screenshots in private mode.
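
Added example, not part of the original report and not Firefox Lite's own code: one way an Android browser activity can set FLAG_SECURE only while a private tab is in the foreground. `BrowserActivity`, `privateTabActive` and `onTabChanged` are hypothetical names chosen for illustration.

```kotlin
import android.app.Activity
import android.os.Bundle
import android.view.WindowManager

// Hypothetical activity; class, field and method names are illustrative only.
class BrowserActivity : Activity() {

    // Assumed app state: true while a private tab is shown in this window.
    private var privateTabActive = false

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Apply the policy before content is set so the window is
        // already protected when it first becomes visible.
        applyScreenCapturePolicy()
    }

    // Hypothetical hook: the tab manager calls this on every tab or mode switch.
    fun onTabChanged(isPrivate: Boolean) {
        privateTabActive = isPrivate
        applyScreenCapturePolicy()
    }

    private fun applyScreenCapturePolicy() {
        if (privateTabActive) {
            // Marks the window content as secure: it is kept out of
            // screenshots and is not shown on non-secure displays.
            window.setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE
            )
        } else {
            // Normal tabs remain capturable.
            window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
        }
    }
}
```

FLAG_SECURE is a per-window flag, so dialogs and popup windows opened from the activity have their own windows and need the flag set separately.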

Asking Joe Cheng for input on this bug. (I can't move it to a Lite product in Bugzilla because it does not exist)

Flags: needinfo?(jcheng)
Component: General → Security: Firefox Lite
Product: Firefox for Android → Emerging Markets

Just to add, apart from the Lite version, the normal FF for Android is also affected by this. As an aside, I did some more research on this, and below is the attack scenario which I can think of as of now.

Several scenarios would result in an app being installed on a user’s phone recording their activity. These include:

  1. Malicious casting apps requiring record permission, since users usually don’t know that casting apps can also record their screen;
  2. Innocuous-looking apps using Cloak & Dagger attacks;
  3. Malicious app installed through third-party Android app stores or bypassing PHA detection filters of the Play Store;
  4. Malicious app pushed to the smartphone using the Play Store feature in a Man-in-the-Browser attack scenario.

This being a security bug is not useful. For Firefox for Android there is already bug 1145505 but with the product being on our ESR branch very little work is being done on it. A major behavior change like that would be unusual. For Firefox Preview there is https://github.com/mozilla-mobile/fenix/issues/2768

Group: mobile-core-security

(In reply to Kevin Brosnan [:kbrosnan] from comment #3)

> This being a security bug is not useful. For Firefox for Android there is already bug 1145505 but with the product being on our ESR branch very little work is being done on it. A major behavior change like that would be unusual. For Firefox Preview there is https://github.com/mozilla-mobile/fenix/issues/2768

Note that this bug is about Firefox Lite.

(I'm also adding a bounty request flag on behalf of the reporter, well knowing that it's unlikely to be granted)

Flags: sec-bounty?

My comment 3 was based on the start of the reporter's comment 2.

(In reply to Dhiraj Mishra from comment #2)

> Just to add, apart from the lite version the normal FF for android is also affected by this...

Flags: sec-bounty? → sec-bounty-
Firefox for Echo Show and Firefox Lite are no longer supported. This report has been closed because the projects are no longer accepting new contributions. See https://support.mozilla.org/en-US/kb/end-support-firefox-lite and https://support.mozilla.org/en-US/kb/end-support-firefox-amazon-devices
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE