Bug 1010413 - (CVE-2016-5299) VUL-0: CVE-2016-5299: MozillaFirefox: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
VUL-0: CVE-2016-5299: MozillaFirefox: Firefox AuthToken in broadcast protecte...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P5 - None : Normal
: ---
Assigned To: Petr Cerny
Security Team bot
Depends on:
Blocks: 1009026
  Show dependency treegraph
Reported: 2016-11-16 09:33 UTC by Johannes Segitz
Modified: 2016-11-18 09:51 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-11-16 09:33:45 UTC
Security vulnerabilities fixed in Firefox 50

Discovered by: Ken Okuyama
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.

Comment 1 Johannes Segitz 2016-11-16 09:40:53 UTC
this issue only affects Android