Mozilla Foundation Security Advisory 2014-25

Firefox OS DeviceStorageFile object vulnerable to relative path escape

Announced
March 18, 2014
Reporter
Ben Turner
Impact
Moderate
Products
Firefox OS
Fixed in
  • Firefox OS 1.2.2
  • Firefox OS 1.3

Description

Mozlla developer Ben Turner discovered that the protection against Directory Traversal through the DeviceStorage API was implemented in the wrong process on Firefox OS. If a Firefox OS application with any device-storage permissions were compromised an attacker could escape the media sandbox and potentially read or write any file on the device, depending on the permission level of the application

References