Closed Bug 953993 (CVE-2014-1484) Opened 11 years ago Closed 11 years ago

Fennec leaks profile path to logcat

Categories

(Firefox for Android Graveyard :: General, defect)

All
Android
defect
Not set
normal

Tracking

(firefox26 wontfix, firefox27 fixed, firefox28 fixed, firefox29 fixed, firefox-esr24 unaffected)

RESOLVED FIXED
Firefox 29
Tracking Status
firefox26 --- wontfix
firefox27 --- fixed
firefox28 --- fixed
firefox29 --- fixed
firefox-esr24 --- unaffected

People

(Reporter: rnewman, Assigned: rnewman)

References

Details

(Keywords: csectype-disclosure, sec-moderate, Whiteboard: [adv-main27+])

Attachments

(1 file)

Kinda makes Bug 944373 unnecessary! Log.d(LOGTAG, "Found profile dir: " + mProfileDir.getAbsolutePath()); 12-29 21:40:07.011 D/GeckoProfile( 5655): Found profile dir: /data/data/org.mozilla.fennec_rnewman/files/mozilla/$hash.default
Assignee: nobody → rnewman
Status: NEW → ASSIGNED
Attachment #8352340 - Flags: review?(mark.finkle)
Please note that I also used this vulnerability in the exploit of bug #944374. Also note that reading the logs of other apps is impossible in Jelly Bean and above.
Attachment #8352340 - Flags: review?(mark.finkle) → review+
Target Milestone: --- → Firefox 29
Comment on attachment 8352340 [details] [diff] [review] Proposed patch. v1 [Approval Request Comment] Bug caused by (feature/regressing bug #): Long time. User impact if declined: Profile paths leak to system log, which on less-modern Android versions gives other applications a head-start on fishing files (e.g., password databases) out of the user's profile directory. Testing completed (on m-c, etc.): Tested locally. Just landed. Risk to taking this patch (and alternatives if risky): ~0. Logging-only changes. String or IDL/UUID changes made by this patch: None.
Attachment #8352340 - Flags: approval-mozilla-beta?
Attachment #8352340 - Flags: approval-mozilla-aurora?
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Attachment #8352340 - Flags: approval-mozilla-beta?
Attachment #8352340 - Flags: approval-mozilla-beta+
Attachment #8352340 - Flags: approval-mozilla-aurora?
Attachment #8352340 - Flags: approval-mozilla-aurora+
Whiteboard: [adv-main27+]
Alias: CVE-2014-1484
Group: core-security
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: