Tag Archives: Mozilla

Boot –To- Gecko (B2G) Attack, Probability of Facing by Firefox OS with HTML5

27 Sep

firefox_os_The Firefox OS, another competitor in mobile operating systems, will probably see HTML5-identified strike and attacks on a vital operating system process. Firefox OS is assembled around HTML5; the most recent form of the open standard web programming language that is intended to be more intuitive and multimedia neighborly. Some mobile phone operators are now delivering devices with the Firefox OS, which originates from Mozilla, the charitable association behind the Firefox desktop program.

 Mozilla’s Firefox OS looks to test the strength of Google and Apple’s, Android and iOS operating systems. Firefox OS is designed for high-execution, minimal effort phones running apps utilizing the HTML5 web modifying language.

Firefox OS acquires much from the Firefox mobile browser and Gecko application model, which is utilized to render Web pages and show applications. The platform that support Firefox OS, called Boot to Gecko (B2G), gets 95 percent of its code from the mobile browser and Gecko, as per Mozilla.

 The mobile OS utilizes a Linux kernel, which then bangs into the Gecko run time. The highest layer of the technology stack, called Gaia, produces the interface seen by clients. As additional individuals utilize smartphones, attackers and hackers are progressively searching for approaches to endeavor mobile units.

hack“Despite the fact that the Firefox OS may not enjoy the business sector of the Android OS, the utilization of HTML5 is step by step picking up traction around clients (Amazon likewise acknowledges HTML5 for its apps),”. “Subsequently, paying little mind to OS, we can want that as additional applications and sites will utilize HTML5, we can anticipate that such assaults will expand in the future.

B2G holds a methodology inside the OS that authorizes authorizations conceded to applications and counteracts unapproved demands by those applications. A few applications can solicit more authorization; however those appeals must be checked and marked by an app store. The B2G process has high benefits and vets those petition. Mozilla has affirmed B2G is a conceivable attack vector.

“Provided that this process is misused, an attacker can acquire abnormal amount benefits (like root access)”.

A powerlessness discovered a month ago, which was really altered sometime during repairing an alternate blemish in June 2013, made the B2G process to crash. It could have permitted an attacker to run discretionary code on a device with the same high benefits as the B2G process.


By Pooja Runija