Closed Bug 1719511 (CVE-2022-38474) Opened 3 years ago Closed 2 years ago

No recording notification for microphone

Categories

(Fenix :: General, defect)

Unspecified
Android
defect

Tracking

(firefox102 wontfix, firefox103 wontfix, firefox104 fixed)

RESOLVED FIXED

People

(Reporter: agi, Assigned: amejia)

Details

(Keywords: sec-low, Whiteboard: [post-critsmash-triage][adv-main104+])

Attachments

(2 files)

Navigate to a page that records audio, e.g.: https://addpipe.com/simple-web-audio-recorder-demo/

Start recording, notice no notification appears that the page is recording audio.

Chrome shows a notification as expected.

This might be related to the recent deprecation of the onRecordingStatusChanged API.

Group: mobile-core-security

I can reproduce in release so this is not a recent regression :(

Since this can only apply to sites you've given permission to, there won't be too many opportunities for maliciousness, but people might forget that it's running. (Recording without permission would be sec-high, even if there is a tiny recording icon somewhere.)

Keywords: sec-low

It looks like all that's needed here is for AC/Fenix to listen for onRecordingStatusChanged and display a notification.
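
The approach suggested in the comment above, as an added example; it is not the patch that landed and not Mozilla's code. It assumes the callback is GeckoView's `GeckoSession.MediaDelegate.onRecordingStatusChanged`; the class name, channel id and notification id are hypothetical.

```kotlin
import android.content.Context
import androidx.core.app.NotificationChannelCompat
import androidx.core.app.NotificationCompat
import androidx.core.app.NotificationManagerCompat
import org.mozilla.geckoview.GeckoSession
import org.mozilla.geckoview.GeckoSession.MediaDelegate.RecordingDevice

// Hypothetical names chosen for this example.
private const val CHANNEL_ID = "media-recording"
private const val NOTIFICATION_ID = 1001

// Attach one shared instance to every session: session.mediaDelegate = indicator
class RecordingIndicator(private val context: Context) : GeckoSession.MediaDelegate {
    private val manager = NotificationManagerCompat.from(context)
    // Devices currently recording, per session, so one tab stopping does not
    // hide the indicator while another tab is still capturing.
    private val recording = mutableMapOf<GeckoSession, List<RecordingDevice>>()

    init {
        manager.createNotificationChannel(
            NotificationChannelCompat.Builder(CHANNEL_ID, NotificationManagerCompat.IMPORTANCE_LOW)
                .setName("Camera and microphone in use")
                .build()
        )
    }

    override fun onRecordingStatusChanged(session: GeckoSession, devices: Array<RecordingDevice>) {
        val active = devices.filter { it.status == RecordingDevice.Status.RECORDING }
        if (active.isEmpty()) recording.remove(session) else recording[session] = active
        val all = recording.values.flatten()
        if (all.isEmpty()) {
            manager.cancel(NOTIFICATION_ID)
            return
        }
        val mic = all.any { it.type == RecordingDevice.Type.MICROPHONE }
        val cam = all.any { it.type == RecordingDevice.Type.CAMERA }
        val title = when {
            mic && cam -> "Camera and microphone are on"
            mic -> "Microphone is on"
            else -> "Camera is on"
        }
        // On Android 13+ the app must hold POST_NOTIFICATIONS for this to appear.
        manager.notify(
            NOTIFICATION_ID,
            NotificationCompat.Builder(context, CHANNEL_ID)
                .setSmallIcon(android.R.drawable.ic_btn_speak_now)
                .setContentTitle(title)
                .setOngoing(true) // user cannot swipe it away while capture is live
                .build()
        )
    }
}
```

A session that is closed while recording should also be removed from the map by the embedding app, otherwise the indicator stays up after the tab is gone.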

[Security approval request comment]
How easily could an exploit be constructed based on the patch?
Not easy.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
No.

Which older supported branches are affected by this flaw?
102 (Actual)

If not all supported branches, which bug introduced the flaw?
Not known.

Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
No.

How likely is this patch to cause regressions; how much testing does it need?
Not likely.

Assignee: nobody → amejiamarmol
Attachment #9285006 - Flags: sec-approval?
Attachment #9285006 - Flags: review?(royang)
Attachment #9285006 - Flags: sec-approval?
Attachment #9285006 - Flags: review?(royang) → review+

We landed a patch on AC and manually verified that the notification is working as expected. The fix should be in Fenix and Focus as soon as they get the new AC update.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Group: mobile-core-security → core-security-release
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main104+]
Alias: CVE-2022-38474
Component: Security: Android → General
OS: Unspecified → Android
Group: core-security-release