Permission Issues

CVE-2016-9061

High

7.5/10

Summary

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

Published Jun 11, 2018

Permission Issues

CVE-2016-9061

Summary

CWE-275 - Permission Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS