Bug 1010413 - (CVE-2016-5299) VUL-0: CVE-2016-5299: MozillaFirefox: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
(CVE-2016-5299)
VUL-0: CVE-2016-5299: MozillaFirefox: Firefox AuthToken in broadcast protecte...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Petr Cerny
Security Team bot
:
Depends on:
Blocks: 1009026
  Show dependency treegraph
 
Reported: 2016-11-16 09:33 UTC by Johannes Segitz
Modified: 2016-11-18 09:51 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-11-16 09:33:45 UTC
Security vulnerabilities fixed in Firefox 50
https://www.mozilla.org/security/announce/2016/mfsa2016-89.html

Discovered by: Ken Okuyama
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.

https://bugzilla.mozilla.org/show_bug.cgi?id=1245791
Comment 1 Johannes Segitz 2016-11-16 09:40:53 UTC
this issue only affects Android