icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Firefox OS < 1.2.2 / 1.3 Directory Traversal Vulnerability

High

Synopsis

The remote mobile host may be running a vulnerable version of Firefox OS.

Description

Firefox OS is a Linux kernel-based operating system for smartphones and tablet computers. Versions earlier than 1.2.2 and 1.3 are vulnerable to directory-traversal, as the protection mechanism through the DeviceStorage API was implemented in the wrong process on Firefox OS. This could allow an attacker to escape the media sandbox and potentially read or write any file on the device within the context of the application.

Solution

Upgrade to Firefox OS 1.2.2 or 1.3 or later.