Closed
Bug 794257
Opened 12 years ago
Closed 12 years ago
Protect against remote USSD attack
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 794034
People
(Reporter: mfinkle, Unassigned)
Details
See details of the attack vector here: http://dylanreeve.posterous.com/remote-ussd-attack

This attack depends on the type of dialer used on the phone. Some dialers, like the stock Galaxy Nexus dialer, will not actually dial the number, only display it waiting for the user to 'send'. Others, like older Samsung and DroidX, will attempt to dial the number.

Maybe we could add a check for the USSD style number and display a prompt before sending to the dialer.

Not marking as confidential since the attack is public and not a problem in Firefox.
Comment 1•12 years ago
Another option is to just not honor those requests when the user did not explicitly click on a link.
Reporter
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Assignee
Updated•3 years ago
Product: Firefox for Android → Firefox for Android Graveyard
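The check proposed in the description, combined with the option from comment 1, sketched as an added example that is not part of the bug thread and not Firefox code. The function names, the verdict strings and the sample URIs in the test are assumptions made for illustration.

```javascript
// Added example (hypothetical names): decide what to do with a tel: link
// before it is handed to the system dialer.

// Return the decoded dial string of a tel: URI, or null when the
// percent-encoding is malformed.
function telDialString(uri) {
  const rest = String(uri).trim().slice("tel:".length);
  try {
    // Links often hide "#" as %23 and "*" as %2A, so decode before checking.
    return decodeURIComponent(rest);
  } catch (e) {
    return null;
  }
}

// USSD/MMI-style strings contain "*" or "#".
function isUssdStyle(dial) {
  return /[*#]/.test(dial);
}

// Ordinary numbers: optional leading "+", digits, visual separators only.
function isPlainNumber(dial) {
  return /^\+?[0-9][0-9 ().\-]*$/.test(dial);
}

// userInitiated must be true only when the user explicitly clicked a link.
// Verdicts: "not-tel", "block", "prompt", "allow".
function classifyTelUri(uri, userInitiated) {
  if (!/^tel:/i.test(String(uri).trim())) return "not-tel";
  const dial = telDialString(uri);
  if (dial === null) return "block";          // undecodable, never dial
  if (!userInitiated) return "block";         // option from comment 1
  if (isUssdStyle(dial)) return "prompt";     // check from the description
  // Anything else that is not a plain number (parameters, letters) also
  // gets a prompt rather than a silent hand-off.
  return isPlainNumber(dial) ? "allow" : "prompt";
}
```

Decoding before matching matters because a dialer receives the decoded string, so a filter that only looks for a literal `#` would miss `%23`.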