Mozilla Foundation Security Advisory 2015-151

Lockscreen delay bypass in Firefox OS

Announced
December 30, 2015
Reporter
Frederik Braun
Impact
Moderate
Products
Firefox OS
Fixed in
  • Firefox OS 2.5

Description

Frederik Braun of Mozilla discovered a bug in the lockscreen state logic that allows an attacker to bypass the lockscreen delay. The delay was introduced to make it harder to brute-force the passcode lock of a Firefox OS device when an attacker has gained physical access. A successful attack would render that tar-pitting mechanism ineffective.

References