You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-33
Mozilla Foundation Security Advisory 2013-33
Title: World read and write access to app_tmp
directory on Android
Impact: Moderate
Announced: April 2, 2013
Reporter: Shuichiro Suzuki
Products: Firefox for Android
Fixed in: Firefox 20.0
Description
Security researcher Shuichiro Suzuki of the Fourteenforty
Research Institute reported the app_tmp directory is set to be
world readable and writeable by Firefox for Android. This potentially allows for
third party applications to replace or alter Firefox add-ons when downloaded
because they are temporarily stored in the app_tmp directory before
installation.
This vulnerability only affects Firefox for Android.
