Mozilla Foundation Security Advisory 2015-74

UMS (USB) mounting after reboot even without unlocking

Announced
August 6, 2015
Reporter
Clement Lefevre
Impact
High
Products
Firefox OS
Fixed in
  • Firefox OS 2.2

Description

Clement Lefevre reported a bug in USB Mass Storage handling of Firefox OS that would allow unauthorized access to device data through the USB interface. The logic error would under certain circumstances expose USB media volumes to USB hosts while the device is locked with a pass code, for example after a reboot or after certain screen saver state changes.

References