Security advisory: Porteus Kiosk security restrictions bypass


Share on facebook
Share on twitter
Share on linkedin

Advisory information

Title: Porteus Kiosk security restrictions bypass
Advisory reference: BLAZE-01-2017
Product: Porteus Kiosk
Disclosure mode: Coordinated disclosure

Product description

Porteus Kiosk is a popular lightweight Linux designed to be used as a kiosk solution. It implements several restrictions with the intent to prevent malicious users to modify the configuration of the Firefox browser and to escape the restricted browser environment and obtain access to the underlying operating system and filesystem.

Vulnerability details

In order to restrict access to the browser configuration facilities, Porteus Kiosk removed these menus from the browser interface. In addition, it implemented a blacklist filter to prevent the user from accessing protocols that can be abused to escape these restrictions, such as file:// and numerous chrome:// URIs.

During a security review of this kiosk solution it was found the blacklist was not enough to prevent the user to access configuration menus of the browser.

By typing any of these chrome URIs in Firefox:


A user of the kiosk can access its configurations, password manager, etc. For example, a malicious user can reconfigure the network preferences to point to an attacker-controlled proxy and launch other attacks from there, intercept traffic and other malicious actions.

Fix and recommendations

The vulnerability has been addressed by Porteus Kiosk in release 4.0.0. It is recommended to upgrade Porteus Kiosk to its latest version.


This vulnerability was discovered and researched by Julio Cesar Fort from Blaze Information Security (

Disclosure timeline

24/05/2016: Initial contact asking for the vendor’s PGP key
24/05/2016: Vendor responded, asking for details of the vulnerability to be sent via unencrypted e-mail
24/05/2016: Vulnerability details sent unencrypted
24/05/2016. Vendor informed the vulnerability has been fixed and a patch will be released in the next automatic update
28/05/2016: A fix was released
28/03/2017: Advisory released


Porteus Kiosk:

About Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience. With presence in South America and Europe, Blaze has a team of senior analysts with past experience in leading information security consulting companies around the world and a proven track record of published security research.

E-Mail: [email protected]
Wildfire Labs blog:

PGP key fingerprint: 9F8C 5552 C6A3 35F8 76E3 9A0C 09BD AA79 93E7 AE65

About the author

Blaze Labs

Blaze Labs


Ready to take your security
to the next level?

We are! Let’s discuss how we can work together to create strong defenses against real-life cyber threats.

Stay informed, stay secure

Subscribe to our monthly newsletter

Get notified about new articles, industry insights and cybersecurity news