Checkout my new writeup on how could a website steal all your Firefox cookies remotely 📱🐛.
CVE-2020-15647: Arbitrary local file access in Firefox for Android
#MobileSecurity#AndroidSecurity#Android#BugBounty
https://t.co/8vuuSulfED
@tbbhunter If I remember correctly, if you register a package name, you can't unregister it. So in this scenario, the company in question wont be able to use the package name they wanted in the first place. I don't think that's a good ideia.
As a pentester, for me this is one of the most disappointing sights when on a test. I know others would get excited, but for me, it shows a lack of fundamental understanding that we really need to try and teach.
@dirtycoder0124@Bugcrowd@Hacker0x01@mobilesecurity_@_bagipro Some programs accept that as data exfiltration meaning an attacker can read potentially danger info from the victim but that requires physical access to the device. Example: https://t.co/6VuZ9FRAaw
I wrote a new write-up disclosing a Brave for Android vulnerability that would allow a malicious web page to steal your cookies.
https://t.co/rw98CVux10
#MobileSecurity#infosec#BugBounty#Android
I've been reporting security issues in Android applications for the past year 📱🔒.
I've finally reached top 50 in Google's Hall of Fame.
https://t.co/cuj7iVJJMK
I needed one more week of a break but the newest video is out! This time it's out of the box vulnerability in mobile Firefox by @kanytu that allowed reading local files of a victim that visited the website. It was awarded $5,000. Enjooy!
https://t.co/LMfEZNub94