Vulnerability in Pocket Addon for Firefox Could Have Affected Company Servers

A server-side vulnerability found in the save-for-later service would have allowed attackers to gain access to all user data and even populate their reading lists with malicious links.

Because the bookmarking service's link-fetching component had poor networking design, the researcher was able to retrieve information such as internal IP addresses and saved URLs and, with the help of some redirects, read the /etc/passwd file that lists the system's accounts.

“Applications similar to Pocket require some logic to handle HTTP redirects on links [and] I added a link to my queue that resulted in a somewhat malicious redirect,” wrote researcher Clint Ruoho. “After refreshing the Pocket app on my Android phone, the (reading) list included file:///etc/passwd. Clicking on the item revealed the full contents of /etc/passwd.”

By chaining more than one vulnerability, the researcher believes, an attacker could have grabbed the /etc/passwd file as well as the SSH private keys from the auto-provisioned EC2 user's home directory, obtained internal IP addresses, and then used that private key to SSH into Pocket's backend servers at those private IP addresses.
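The redirect handling the researcher describes above is the classic server-side request forgery shape: a fetcher that follows Location headers into schemes and addresses it should never touch. The following Python is an added example, not Pocket's code, of a fetcher that re-validates every hop against a scheme allowlist and a non-public address check before fetching; `fake_fetch` and `fake_resolve` are constructed stand-ins for HTTP and DNS so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse, urljoin

ALLOWED_SCHEMES = {"http", "https"}  # file:, ftp:, gopher: etc. are never fetched
REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5

def validate_fetch_target(url, resolve):
    """Return None if url may be fetched, otherwise the reason it is refused."""
    p = urlparse(url)
    if p.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed: " + (p.scheme or "(none)")
    if not p.hostname:
        return "missing host"
    try:
        ip = resolve(p.hostname)
    except (OSError, KeyError):
        return "unresolvable host"
    a = ipaddress.ip_address(ip)
    if (a.is_private or a.is_loopback or a.is_link_local or a.is_reserved
            or a.is_multicast or a.is_unspecified):  # RFC 1918, 127/8, 169.254/16 ...
        return "host resolves to non-public address " + ip
    return None  # to defeat DNS rebinding, connect to this ip rather than resolving again

def follow_redirects(url, fetch, resolve):
    """Fetch url, re-validating every hop. fetch(url) -> (status, location, body)."""
    for _ in range(MAX_REDIRECTS + 1):
        reason = validate_fetch_target(url, resolve)
        if reason:
            return ("blocked", url, reason)
        status, location, body = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return ("ok", url, body)
        url = urljoin(url, location)  # handles relative and absolute Location values
    return ("blocked", url, "too many redirects")

# Constructed stand-ins for HTTP and DNS: a link that redirects into file:// (the
# article's case), one that redirects to an internal address, and a benign one.
FAKE_RESPONSES = {
    "http://example.test/article": (301, "file:///etc/passwd", ""),
    "http://example.test/internal": (302, "http://10.0.0.5/", ""),
    "http://example.test/ok": (302, "/final", ""),
    "http://example.test/final": (200, None, "<html>saved article</html>"),
}
def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, None, ""))
def fake_resolve(host):  # 1.2.3.4 is a constructed public address, 10.0.0.5 internal
    return {"example.test": "1.2.3.4", "10.0.0.5": "10.0.0.5"}[host]
```

Validating only the first URL a user submits is not enough; the check has to run on every hop, and the real fetch should connect to the address that was validated so a changing DNS answer cannot slip an internal host past it.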

“They could have compromised the Pocket application and gained access to all of Pocket’s user data, and in theory manipulated it so that it synchronises to user devices,” said Miller. “They could do things here like redirects to client-side exploits. There’s also a privacy concern here too if people are saving links off their corporate intranet to Pocket that contain internal documents or authentication credentials.”

Following responsible disclosure, the vulnerability has been fixed and users should be safe now. However, the researcher believes Pocket was lucky that a responsible researcher offered to help, even though the company has no bug bounty program.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

1 Comment

  • Someone's antivirus browser shield is rejected by the latest Firefox version. It will be considered dangerous, so be cautious in your use.