
Mozilla Foundation Security Advisory 2013-84

Title: Same-origin bypass through symbolic links
Impact: Moderate
Announced: September 17, 2013
Reporter: Takeshi Terada
Products: Firefox for Android

Fixed in: Firefox 24.0

Description

Security researcher Takeshi Terada reported a mechanism to violate the same-origin policy for local files loaded through file:// URLs by using symbolic links. The problem affects only web pages loaded from the local filesystem. It could allow cross-site scripting (XSS) and access to locally stored Firefox files containing passwords and cookies.

This problem is specific to Firefox for Android.
