This video describes a security vulnerability found by Pedro Oliveira in Android Firefox browser. It allowed to steal cookies of a user that visited the attacker’s website. The bounty awarded for this bug was $5,000.

Reporter’s twitter:
Follow me on twitter:

00:00 Intro
00:26 content URIs
02:06 How could the attack work?
02:50 file:// and Same-Origin-Policy
04:32 The exploit

#Android #BugBounty

Add comment

Your email address will not be published. Required fields are marked *