########################
Mozilla Firefox, Focus and Nightly for Android remote crash DoS
########################
Mozilla Firefox, Focus and Nightly for Android Remote Crash DoS Vulnerability.
Last update: 18/11/2022
################
Description
################
A vulnerability is present in the way that Mozilla's mobile products for Android manage the clipboard and handle exceptions.
A malicious site can take advantage of software exceptions to crash the app, or to deny access to the clipboard and cause a crash, resulting in the loss of any information that has not been saved.
If we close the app, clear the cache, etc., we have the same situation: a crash, or a DoS that leads to a crash. :)
The vulnerability interacts with parts of the Android system such as opening links in the app and the sharing functions.
It is a matter of different error messages that the app can't handle, of how the programmer stores remote data in parcels, or of how data is stored in the clipboard and how it is processed.
Multiple apps are vulnerable to this style of attack, resulting in loss of data, DoS of the application, an application crash, DoS of functions or of the application, or a dead browser thread activity that forces the user to close the app.
We can abuse parcel errors in
TransactionTooLargeException
DeadSystemException
We can abuse the open-in-app, sharing or clipboard functions in
TransactionTooLargeException
DeadSystemException
ClipboardManager
content.ClipboardManager.getPrimaryClip
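A defensive pattern for the clipboard path named above, as an added example (not from this advisory and not Mozilla's code): wrap getPrimaryClip/setPrimaryClip so that Binder failures become a handled result instead of an uncaught exception, and refuse oversized data before it reaches the clipboard. The names SafeClipboard, TAG and MAX_CLIP_CHARS, and the 100,000-character cap, are assumptions chosen for illustration.

```kotlin
import android.content.ClipData
import android.content.ClipboardManager
import android.content.Context
import android.os.DeadSystemException
import android.os.TransactionTooLargeException
import android.util.Log

// Assumed cap, kept well under the 1 MB Binder transaction buffer shared per process.
private const val MAX_CLIP_CHARS = 100_000
private const val TAG = "SafeClipboard" // hypothetical log tag

/** Hypothetical helper: clipboard access that degrades instead of crashing the app. */
class SafeClipboard(private val context: Context) {
    private val clipboard =
        context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager

    /** Returns the clipboard text, or null if it is empty, oversized or unreadable. */
    fun readText(): String? {
        val clip: ClipData? = try {
            clipboard.primaryClip
        } catch (e: RuntimeException) {
            // Binder failures from the system server arrive wrapped in RuntimeException.
            when (e.cause) {
                is TransactionTooLargeException -> Log.w(TAG, "clip too large for Binder", e)
                is DeadSystemException -> Log.w(TAG, "system server unavailable", e)
                else -> Log.w(TAG, "clipboard read failed", e)
            }
            null
        }
        if (clip == null || clip.itemCount == 0) return null
        val text = clip.getItemAt(0).coerceToText(context) ?: return null
        // Drop oversized content rather than passing it on to UI or storage code.
        return if (text.length <= MAX_CLIP_CHARS) text.toString() else null
    }

    /** Copies text only if it fits the cap; returns false when refused or failed. */
    fun writeText(label: String, text: CharSequence): Boolean {
        if (text.length > MAX_CLIP_CHARS) return false // refuse oversized page-supplied data
        return try {
            clipboard.setPrimaryClip(ClipData.newPlainText(label, text))
            true
        } catch (e: RuntimeException) {
            Log.w(TAG, "clipboard write failed", e)
            false
        }
    }
}
```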
################ Versions affected: ################
Mozilla Firefox
107.1.0 build #2015915067
106.1.0 build 2015907747
105.2.0 build 2015907747
Mozilla Nightly
107.0a1 build 2015909163, build 2015909131, build 2015915115
108.0a1 build 2015912339, build 2015913675
109.0a1 build 2015916075
Mozilla Focus
105.0.2 build 362762015
107.1.0 build 363142253
#########################
Related bugs in other apps
https://bugs.chromium.org/p/chromium/issues/detail?id=1385502
Possible related bug
https://github.com/mozilla-mobile/android-components/issues/12804
Tested on
Android 9, 10, 11 and 12; testing continues.
################ Timeline ###############
Discovered 28-08-2022
Vendor notify :
Released 12-10-2022
Last update 18-11-2022
###############
No more details at this time.
Exploit available.
I will update this advisory in a few days with more information.
################ €nd ####################
--
Regards: Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
Curiosity is what makes the mind move...