cnvd - cnvd-2017-13148

cnvd-2017-13148

Vulnerability from cnvd

Title

Mozilla Firefox for Android本地安全绕过漏洞

Description

Mozilla Firefox for Android是美国Mozilla基金会的一款基于Android平台的开源Web浏览器。基于Android平台的Mozilla Firefox 54之前的版本中存在安全漏洞。攻击者可借助Android intent URLs利用该漏洞读取本地数据。

Severity

低

Patch Name

Mozilla Firefox for Android本地安全绕过漏洞的补丁

Patch Description

Mozilla Firefox for Android是美国Mozilla基金会的一款基于Android平台的开源Web浏览器。基于Android平台的Mozilla Firefox 54之前的版本中存在安全漏洞。攻击者可借助Android intent URLs利用该漏洞读取本地数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.mozilla.org/en-US/security/advisories/mfsa2017-15/

Reference

http://www.securityfocus.com/bid/99052

Impacted products

Name
Mozilla Firefox <54

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99052"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7759"
    }
  },
  "description": "Mozilla Firefox for Android\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9Android intent URLs\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u672c\u5730\u6570\u636e\u3002",
  "discovererName": "Takeshi Terada",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.mozilla.org/en-US/security/advisories/mfsa2017-15/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13148",
  "openTime": "2017-07-07",
  "patchDescription": "Mozilla Firefox for Android\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684Mozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9Android intent URLs\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u672c\u5730\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox for Android\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox \u003c54"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99052",
  "serverity": "\u4f4e",
  "submitTime": "2017-06-15",
  "title": "Mozilla Firefox for Android\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-7759 (GCVE-0-2017-7759)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 16:12

Severity ?

CWE

Android intent URLs can cause navigation to local file system

Summary

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2017-15/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038689	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/99052	vdb-entry, x_refsource_BID
	https://bugzilla.mozilla.org/show_bug.cgi?id=1356893	x_refsource_CONFIRM