Bug 953993 (CVE-2014-1484)

Fennec leaks profile path to logcat

RESOLVED FIXED in Firefox 27

Status

Product: Firefox for Android
Component: General
Status: RESOLVED FIXED
Reported: 4 years ago
Modified: 3 years ago

People

(Reporter: rnewman, Assigned: rnewman)

Tracking

(Blocks: 1 bug, {csectype-disclosure, sec-moderate})

Version: unspecified
Target Milestone: Firefox 29
Platform: All / Android
Keywords: csectype-disclosure, sec-moderate
Points: ---

Firefox Tracking Flags

(firefox26 wontfix, firefox27 fixed, firefox28 fixed, firefox29 fixed, firefox-esr24 unaffected)

Details

(Whiteboard: [adv-main27+])

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
Kinda makes Bug 944373 unnecessary!

                Log.d(LOGTAG, "Found profile dir: " + mProfileDir.getAbsolutePath());

12-29 21:40:07.011 D/GeckoProfile( 5655): Found profile dir: /data/data/org.mozilla.fennec_rnewman/files/mozilla/$hash.default
(Assignee)

Comment 1

4 years ago
Created attachment 8352340 [details] [diff] [review]
Proposed patch. v1
Assignee: nobody → rnewman
Status: NEW → ASSIGNED
Attachment #8352340 - Flags: review?(mark.finkle)

Comment 2

4 years ago
Please note that I also used this vulnerability in the exploit of bug #944374. Also note that reading the logs of other apps is impossible in Jelly Bean and above.
Attachment #8352340 - Flags: review?(mark.finkle) → review+
(Assignee)

Comment 3

4 years ago
https://hg.mozilla.org/integration/fx-team/rev/d531cccd308c
Target Milestone: --- → Firefox 29
(Assignee)

Comment 4

4 years ago
Comment on attachment 8352340 [details] [diff] [review]
Proposed patch. v1

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
  Long time.

User impact if declined: 
  Profile paths leak to system log, which on less-modern Android versions gives other applications a head-start on fishing files (e.g., password databases) out of the user's profile directory.

Testing completed (on m-c, etc.): 
  Tested locally. Just landed.

Risk to taking this patch (and alternatives if risky): 
  ~0. Logging-only changes.

String or IDL/UUID changes made by this patch:
  None.
Attachment #8352340 - Flags: approval-mozilla-beta?
Attachment #8352340 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/d531cccd308c
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
status-firefox27: --- → affected
status-firefox28: --- → affected
status-firefox29: --- → fixed
Resolution: --- → FIXED
Attachment #8352340 - Flags: approval-mozilla-beta?
Attachment #8352340 - Flags: approval-mozilla-beta+
Attachment #8352340 - Flags: approval-mozilla-aurora?
Attachment #8352340 - Flags: approval-mozilla-aurora+
(Assignee)

Comment 6

4 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/fe438b8e6dc5
https://hg.mozilla.org/releases/mozilla-beta/rev/4efbfe0c7320
status-firefox27: affected → fixed
status-firefox28: affected → fixed
status-firefox-esr24: --- → unaffected
status-firefox26: --- → wontfix
Whiteboard: [adv-main27+]
Alias: CVE-2014-1484
Keywords: csectype-other, sec-low → csectype-disclosure, sec-moderate
Group: core-security
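
A regression check in the spirit of this report, as an added example that is not part of the bug or of the landed patch: it scans logcat output in the format quoted in the description for app-private storage paths. The function names, the `redact` helper, the `/data/user/<n>/` root and every sample line except the first (copied from the description) are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# logcat line as quoted in the description: "MM-DD HH:MM:SS.mmm P/Tag( PID): message"
LOGCAT_LINE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} [VDIWEF]/(?P<tag>.+?)\(\s*(?P<pid>\d+)\): (?P<msg>.*)$"
)
# App-private storage roots. /data/user/<n>/ is the multi-user form (not on the page).
PRIVATE_PATH = re.compile(
    r"(?P<root>/data/(?:data|user/\d+)/(?P<pkg>[A-Za-z][\w.]*))(?P<rest>/[^\s\"']*)?"
)

class Leak(NamedTuple):
    tag: str
    pid: int
    package: str
    path: str

def find_private_path_leaks(lines):
    """Return one Leak per app-private path found in a logcat message."""
    leaks = []
    for line in lines:
        m = LOGCAT_LINE.match(line.rstrip("\n"))
        if not m:
            continue  # not a logcat record in the expected format
        for p in PRIVATE_PATH.finditer(m["msg"]):
            leaks.append(Leak(m["tag"].strip(), int(m["pid"]), p["pkg"], p.group(0)))
    return leaks

def redact(message):
    """Keep the package root, drop everything below it, so reports do not repeat the leak."""
    return PRIVATE_PATH.sub(
        lambda p: p["root"] + ("/<redacted>" if p["rest"] else ""), message)

# Constructed sample input; only the first line comes from the bug description.
SAMPLE = [
    "12-29 21:40:07.011 D/GeckoProfile( 5655): Found profile dir: "
    "/data/data/org.mozilla.fennec_rnewman/files/mozilla/$hash.default",
    "12-29 21:40:07.250 I/GeckoApp( 5655): startup complete",
    "12-29 21:40:08.102 W/ExampleTag(  812): cache at "
    "/data/user/0/com.example.app/cache/tmp1 and /sdcard/Download/a.txt",
]

if __name__ == "__main__":
    for leak in find_private_path_leaks(SAMPLE):
        print(f"{leak.tag} (pid {leak.pid}) logged a path under {leak.package}: {redact(leak.path)}")
```

Run against a captured log from a debug build, a non-empty result for the application's own package is the condition this bug describes.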