Skip to content
  • Home
  • Social Media
  • About Us
  • Privacy Policy
    • Cookie Policy
    • Terms of Use
  • Amazon Affiliate Disclaimer
  • Sitemap
Menu

lumialivecentre.com

  • Home
  • Social Media
  • About Us
  • Privacy Policy
    • Cookie Policy
    • Terms of Use
  • Amazon Affiliate Disclaimer
  • Sitemap
Home / Social Media / A visit to a crafted webpage would have been enough for a bad guy to munch all your Firefox for Android cookies • The Register
Posted inSocial Media

A visit to a crafted webpage would have been enough for a bad guy to munch all your Firefox for Android cookies • The Register

Posted By Baris Posted on December 11, 2020
Comments are off

A cunning man can ignore any cookie from a Firefox device using Android by asking the user to view a specially created HTML file.

For example, Pedro Oliveira, a researcher at Infosec, discovered a vulnerability in the way Firefox processes local files through URI content://, allowing it to remotely copy all cookies stored on the device, giving it access to a proper evaluation of the sites visited by the user of the device.

While the bug has been fixed in the latest versions of Firefox for Android, the inclusion of the Oliveira in the volcano – and the speed at which Mozilla fixed it, he says in his report – reveals an obscure but easily exploitable vulnerability, as he puts it.

The exploit worked by convincing the user to visit a specific HTML file. The malicious file opened an iframe called content:// URI for the Firefox profiles.ini file, which contains Firefox user profile information and cookies. Since Firefox was processing these URIs, Oliveira was able to get a copy of a local file that the attacker was not allowed to access remotely via a web page.

While the blog post referred to profile.ini, the Oliveira vulnerability report submitted to Mozilla expanded the exploit to extract the cookies associated with the profile.

Firefox Update: Mozilla is currently repairing three holes that need to be made and a lot of other errors.

LEARN MORE

Using the URI:// content to access local files on the device, the researcher noticed that the browser sends them to the URI:// file, indicating that a copy of the requested resource is stored in the private directory of the cache before it is downloaded.

This content:// The URI requires read and write permissions to access other applications, Oliveira said in the section of the registry. When a URI is shared by multiple applications (e.g. sharing a c), the original application must give permission to use that URI before it is made available. This URI contains rights when shared with a receiving application, and only has access to that application. However, if an application processes the URI itself (and not by other applications), these rights do not apply, so that the application can freely access its content.

Every file downloaded with Firefox versions up to 68.10.1 is treated this way, Oliveira is found.

He was going to explain: Since the [malicious] file we downloaded and the file downloaded by the exploit have the same name, it will be replaced in the home directory. We have now opened a malicious file in the cache, but the source file has been replaced by another file. After downloading an iframe, the cached malicious file sends its own content to the malicious website. Since the road is the same as the origin, this is also the case without coercive [political] measures.

A comment was requested from Mozilla, although Firefox was already updated to version 68.10.1 in July to repair the volcano. Over the years, the open source browser has played its part in the number of public messages, including a vaguely similar bug in the implementation of remote code in 2018, which also worked by deceiving users into accessing a malicious web page. ®

Related Tags:

Previous Article The 20 Best Music Extensions for Google Chrome
Next Article AMD Radeon RX 6800 Series Linux Performance Review

Related Posts

Posted inSocial Media

What do I need to know to make calls on WhatsApp?

After reading this guide, you will learn how to make a voice or video call on WhatsApp from your iPhone or Android device. Hello, friends. It’s Frankie again. Today I want to talk about another trick that can help you

Read More about What do I need to know to make calls on WhatsApp?
Posted By Baris Posted on December 21, 2020
Comments are off
Posted inSocial Media

The App To Help You Come up With a Dating Activity

Menu item and details. Words: 943 Reading time: ~4 minutes This can be a problem for couples when it comes to making decisions together. If you’re in a relationship, decisions about what you do on date night need to be

Read More about The App To Help You Come up With a Dating Activity
Posted By Baris Posted on December 21, 2020
Comments are off
Posted inSocial Media

Space Wolf Review –

Sons of Russia comes to the Nintendo Switch in a new version of Warhammer 40,000 : Space Wolf by developer HeroCraft. Once the game is loaded, the player is greeted with a roaring and murderous Space Wolves logo. Tips are

Read More about Space Wolf Review –
Posted By Baris Posted on December 19, 2020
Comments are off

Recent Posts

  • HappyForms Review: One of the best form plugins on the market
  • Using PowerShell to View and Change BIOS Settings
  • What Are the Most Profitable Website Types in 2020
  • 10 best software to improve video quality [2021 Guide]
  • How to Install Android Q on Windows 10 PC – Latest Version
  • How Web Design affects SEO –
  • How to Stop Programs From Running at Startup on Windows 10 (Updated)
  • How to Fix “The selected virtual disk is incompatible with this workstation…”
  • CleanMyMac X Review –
  • Best Elementor Ecommerce Themes To Use In 2021
  • How to Get YouTube Premium Free Trial of 3 Months using Google One
  • How to Delete a Blogger Blog Permanently in 3 Minutes
  • Find out how Custom Software is Different from Packaged Software.
  • Xender for PC Windows 10/8.1/7 32-64 Bit Laptop Download
  • Best Minecraft taiga biome seeds
© Copyright 2018. Theme by BloomPixel