jetlib.sec » Full Disclosure » Content Injection in Amazon's FireOS [CVE-2019-7399]

Feeds

263927 items (0 unread) in 27 feeds

• 0day.today (was: 1337day, Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Full Disclosure

• February 08, 2019
• 

  Content Injection in Amazon's FireOS [CVE-2019-7399]

  Posted: February 8th, 2019, 10:46am PST

  Tags:   

  Posted by Nightwatch Cybersecurity Research on Feb 08

  [Original blog post here:
  https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/]
  
  SUMMARY
  
  The FireOS operating system provided by Amazon for Fire tablet devices
  can be injected with malicious content by an MITM attacker. An
  attacker can also capture the serial number of the device. The root
  cause is lack of HTTPS for legal content (terms of use and privacy
  policy) within the settings...