CVE-2023-1384 Information

May 04, 2023 cve

Description

The setMediaSource function on the amzn.thin.pl service does not sanitize the \source\ parameter allowing for arbitrary javascript code to be run

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.

Reference

https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/

Share on: