SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.
Porteus Kiosk is a lightweight Linux operating system which has been restricted to allow only use of the web browser. Furthermore, the browser has been locked down to prevent users from tampering with settings or downloading and installing software. When the kiosk boots it automatically opens Firefox to your chosen home page. The history is not kept, no passwords are saved, and many menu items have been disabled for total security. When Firefox is restarted all caches are cleared and browser the reopens automatically with a clean session to ensure no trace of history is left.
Two vulnerabilities have been recently come into our attention and have been purchased from one of our security researchers, these vulnerabilities allow disclosure of local files and the ability to escape from the “jailed” browser.
The vulnerabilities have both been patched in the latest version, part of the 20150619, version.
The details mentioned below have not been released before though the description of the vulnerabilities found at Porteus Kiosk Changelog.
The browser installed by default is a jailed Firefox that only allows you to zoom in, out, search and insert URL. There is not bars (menu, history, favorites, …) and you can’t use shortcuts (like ALT) so there is very limited usability.