Closed
Bug 1931033
Opened 10 months ago
Closed 10 months ago
Bypassing Android lock when accessing Firefox's passwords
Categories
(Firefox for Android :: Logins, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1928779
People
(Reporter: sha265k, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [client-bounty-form])
Attachments
(1 file)
|
3.42 MB,
video/mp4
|
Details |
When I tried to access my passwords on Firefox for Android, I was asked to enter my Android's passcode as expected. But after trying to return back by using the android return gesture few times, I got into the passwords manager, with access to all logins and passwords. See video for PoC.
Steps to reproduce:
- Install Firefox on Android device with passcode set.
- Save some password.
- Exit Firefox, and reopen it.
- Try to access the password manager.
- When asked to enter Android's passcode, use the return gesture/button few times until you have access to password manager.
Details:
Firefox 132.0.2 and 133.0b7
Android 13
Flags: sec-bounty?
OS: Unspecified → Android
Version: unspecified → Firefox 132
|
||
Updated•10 months ago
|
Group: firefox-core-security → mobile-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 months ago
Component: Security → Logins
Duplicate of bug: CVE-2024-11703
Product: Firefox → Fenix
Resolution: --- → DUPLICATE
|
|
||
Updated•10 months ago
|
Group: mobile-core-security → core-security-release
|
||
Updated•9 months ago
|
Flags: sec-bounty? → sec-bounty-
|
||
Updated•4 months ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•