Amazon FireOS CVE-2019-7399 Content Injection Vulnerability
BID:107025
CVE-2019-7399 |Info
Amazon FireOS CVE-2019-7399 Content Injection Vulnerability
| Bugtraq ID: | 107025 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-7399 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2019 12:00AM |
| Updated: | Feb 07 2019 12:00AM |
| Credit: | Nightwatch Cybersecurity |
| Vulnerable: |
Amazon FireOS 5.3.6.3 |
| Not Vulnerable: |
Amazon FireOS 5.3.6.4 |
Discussion
Amazon FireOS CVE-2019-7399 Content Injection Vulnerability
Amazon FireOS is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible.
Amazon FireOS 5.3.6.3 is vulnerable; other versions may also be affected.
Amazon FireOS is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible.
Amazon FireOS 5.3.6.3 is vulnerable; other versions may also be affected.
Exploit / POC
Amazon FireOS CVE-2019-7399 Content Injection Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References
Amazon FireOS CVE-2019-7399 Content Injection Vulnerability
References:
References:
- Amazon Homepage (amazon)
- Content Injection in Amazon Kindle�??s FireOS [CVE-2019-7399] (Amazon)