Mozilla Foundation Security Advisory 2015-151
Lockscreen delay bypass in Firefox OS
- December 30, 2015
- Frederik Braun
- Firefox OS
- Fixed in
- Firefox OS 2.5
Frederik Braun of Mozilla discovered a bug in the lockscreen state logic that allows an attacker to bypass the lockscreen delay. The delay was introduced to make it harder to brute-force the passcode lock of a Firefox OS device when an attacker has gained physical access. A successful attack would render that tar-pitting mechanism ineffective.