Closed Bug 1661179 Opened 5 years ago Closed 3 years ago

Web Share can be used to attach file:/// URLs

Categories

(Firefox for iOS :: Third Party Security Issues, defect)

Product:
Firefox for iOS
Component:
Third Party Security Issues
Platform:
Other
iOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
fxios - ---

People

(Reporter: agashlin, Unassigned)

References

(
URL
)

Details

(Keywords: sec-audit, sec-vector)

The PoC released today (see URL) for Safari uses Web Share with a file: URL to share local files in an obscured way, this fairly easily can lead to attaching them to an email with the iOS Mail app. This also affects Firefox for iOS.

(apologies if it doesn't make sense to submit this given it may not be in our power to fix, but it seemed prudent to report)

Hi Adam, can you clarify how this affects Firefox for iOS... is that because WKWebView natively provides access to the API?

Marcos, Yes.
And the bug was open to understand if Firefox iOS could mitigate on top on WKWebView.

Does it make sense to keep this hidden if the PoC is public and it's known all iOS browsers are really webkit inside?

Keywords: sec-audit, sec-vector

I don't think it needs to be hidden, but I wanted to leave that decision to the pros.

The severity field is not set for this bug.
:garvan, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(gkeeley)
Severity: -- → S4
Flags: needinfo?(gkeeley)

Closing since can't reproduce, fixed by Webkit.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Group: mobile-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.