Mozilla Foundation Security Advisory 2015-43

Loading privileged content through Reader mode

Announced
April 3, 2015
Reporter
Armin Ebert
Impact
High
Products
Firefox
Fixed in
  • Firefox 37.0.1

Description

Security researcher Armin Ebert reported a flaw in Reader mode on Firefox for Android. Reader mode reformats web content for easy readability and operates as unprivileged content that is the equivalent of the formatted content. When Reader mode is unable to process content, it displays the original web pages. Since it is unprivileged, there are no restrictions on pages linking to or framing Reader mode content. The reported flaw is that privileged URLs can be passed to Reader mode and bypass the normal restrictions that prevent web pages from obtaining references to privileged contexts. If this issue was combined with another flaw that allowed for a violation of the same-origin policy, then the resulting combination could lead to arbitrary code execution.

This flaw only affects Firefox for Android and pre-release versions of Desktop Firefox. The released version of desktop Firefox does not have reader mode and is not affected.

References