Firefox OS also contains extensive sandboxing. Each app runs in its own worker space and has access only to the Web APIs and the data it is permitted to access, as well as the resources associated with that worker space (IndexedDB databases, cookies, offline storage, and so on).
In addition, apps communicate only with the B2G process, not with other processes or apps. Apps do not run independently of B2G, nor can apps “open” each other. The only “communication” between apps is indirect, and is mediated by the B2G process.
Exploiting the B2G process
The B2G process is a core process of Firefox OS. It sits in the Gecko layer of the Firefox OS technology stack. If this process is exploited, an attacker can obtain high-level privileges (such as root access).
Approximately a month ago, a vulnerability in Firefox 17 was found which could be used to run arbitrary code. We have confirmed that this vulnerability can also cause the B2G process to crash, and that we can also control the IP (Instruction Pointer). This would allow an attacker to run arbitrary code on the device with the privileges of the B2G process.
Mozilla’s own documentation states that exploitation of the B2G process is a possible attack point for Firefox OS. This is because a content process can send dirty (untrusted) data to the B2G process.
Because Firefox OS apps are built with HTML5, we can expect that HTML5 vulnerabilities will be used to exploit Firefox OS in the future. Independent research has shown that HTML5 features can be used to fill memory for heap sprays.
The HTML5 typed array Uint8ClampedArray can be used to fill memory efficiently with very little code. With Uint8ClampedArray it is easy to find a stable address that is filled with the payload. HTML5 Web Workers can fill memory quickly using multiple threads, reducing the amount of time needed to fill the memory.
In our previous study of HTML5, we looked at how it can be abused to carry out various attacks, including spamming, unauthorized bitcoin generation, phishing and a browser-based botnet. Since these HTML5-based attacks are memory-based, they will be challenging for traditional antimalware solutions.
Though Firefox OS may not enjoy the market share of Android, the use of HTML5 is gradually gaining traction among users (Amazon also accepts HTML5 for its apps). Thus, regardless of OS, we can expect that as more apps and sites use HTML5, such attacks will increase in the future.