
Mozilla Foundation Security Advisory 2013-33

Title: World read and write access to app_tmp directory on Android
Impact: Moderate
Announced: April 2, 2013
Reporter: Shuichiro Suzuki
Products: Firefox for Android

Fixed in: Firefox 20.0

Description

Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported that Firefox for Android sets the app_tmp directory to be world-readable and world-writable. Because downloaded add-ons are temporarily stored in the app_tmp directory before installation, third-party applications could potentially replace or alter them.

This vulnerability only affects Firefox for Android.
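
The permission problem described above can be checked for mechanically. The following is an added example, not Mozilla's code: a Python audit that flags directories granting any access to other users and then strips those bits. The directory tree is constructed in a scratch location, and the function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

OTHER_BITS = ((stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"))


def other_access(path):
    """Return the permissions granted to 'other' users, e.g. 'rwx' or ''."""
    mode = os.lstat(path).st_mode  # lstat: judge the entry itself, not a symlink target
    return "".join(ch for bit, ch in OTHER_BITS if mode & bit)


def audit_tree(root):
    """List (relative dir, other-permissions) for each world-accessible directory."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):  # does not follow symlinks
        access = other_access(dirpath)
        if access:
            findings.append((os.path.relpath(dirpath, root), access))
    return sorted(findings)


def make_private(path):
    """Remove every 'other' permission bit, keeping owner and group bits."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IRWXO)


def demo():
    """Build a constructed app data tree, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("app_tmp", 0o777), ("files", 0o700)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod is exact; mkdir's mode is masked by umask
        before = audit_tree(root)
        for rel, _access in before:
            make_private(os.path.join(root, rel))
        return before, audit_tree(root)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```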
