Closed
Bug 1138808
(CVE-2015-4494)
Opened 10 years ago
Closed 10 years ago
Permission bypass for Wifi direct system messages
Categories
(Firefox OS Graveyard :: Wifi, defect)
Tracking
(b2g-v1.4 wontfix, b2g-v2.0 fixed, b2g-v2.0M fixed, b2g-v2.1 fixed, b2g-v2.1S fixed, b2g-v2.2 fixed, b2g-master fixed)
RESOLVED
FIXED
2.2 S7 (6mar)
People
(Reporter: pauljt, Assigned: fabrice)
References
Details
(Keywords: sec-moderate, Whiteboard: [b2g-adv-main2.2+])
Attachments
(1 file)
|
(deleted),
patch
|
vchang
:
review+
|
Details | Diff | Splinter Review |
I'm not sure when WifiDirect was enabled but there appears to be no permission checks on the system messages: https://dxr.mozilla.org/mozilla-central/source/dom/messages/SystemMessagePermissionsChecker.jsm#127 Unless I'm mistaken, that means any app could listen for these system messages, which is probably a privacy issue? It is documented as requiring the "wifi-manage" permission, but this is not how it is implemented. Marking as secure just in case, but its publicly documented so not sure how useful that is. If this is actually an oversight, then this is probably a blocking bug, so marking 2.2? The sec-rating is a guess, im not sure of the actually implication here, it may not actually be too bad.
|
Assignee | |
Comment 1•10 years ago
|
||
I think you're right, since we broadcast these system messages (see http://mxr.mozilla.org/mozilla-central/ident?i=PAIRING_REQUEST_SYS_MSG).
|
|
Assignee | |
Comment 2•10 years ago
|
||
Assignee: nobody → fabrice
Attachment #8572057 -
Flags: review?(vchang)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8572057 [details] [diff] [review] wifi-p2p.patch Review of attachment 8572057 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for jumping to this.
Attachment #8572057 -
Flags: review?(vchang) → review+
|
||
Comment 5•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/07d9bcf2c1c1
Status: NEW → RESOLVED
Closed: 10 years ago
status-b2g-master:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 2.2 S7 (6mar)
|
|
||
Comment 6•10 years ago
|
||
Do we need to consider backporting this to any older releases?
Flags: needinfo?(fabrice)
|
|
Assignee | |
Comment 7•10 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #6) > Do we need to consider backporting this to any older releases? Would be good, yes. a=me for all branches down to 2.0
Flags: needinfo?(fabrice)
|
|
||
Updated•10 years ago
|
|
|
||
Comment 8•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/303a47b92ecd https://hg.mozilla.org/releases/mozilla-b2g34_v2_1/rev/28ffee0d5b0c https://hg.mozilla.org/releases/mozilla-b2g32_v2_0/rev/e89ba447d264
|
|
||
Comment 9•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g34_v2_1s/rev/28ffee0d5b0c https://hg.mozilla.org/releases/mozilla-b2g32_v2_0m/rev/e89ba447d264
status-b2g-v2.0M:
--- → fixed
status-b2g-v2.1S:
--- → fixed
CCing bkerensa since he is release managing for ESR and wasn't able to see this.
|
||
Updated•10 years ago
|
Group: core-security
|
|
||
Updated•10 years ago
|
Group: b2g-core-security
|
||
Updated•9 years ago
|
Whiteboard: [b2g-adv-main2.2+]
|
|
||
Updated•9 years ago
|
Alias: CVE-2015-4494
Summary: Wifi direct system messages don't require a permission → Permission bypass for Wifi direct system messages
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•