This video describes a security vulnerability found by Pedro Oliveira in Android Firefox browser. It allowed to steal cookies of a user that visited the attacker’s website. The bounty awarded for this bug was $5,000.

Blogpost:
https://medium.com/bugbountywriteup/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
Reporter’s twitter:
https://twitter.com/kanytu
Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:26 content URIs
02:06 How could the attack work?
02:50 file:// and Same-Origin-Policy
04:32 The exploit

#Android #BugBounty

Add comment

Your email address will not be published. Required fields are marked *