You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-87

Mozilla Foundation Security Advisory 2013-87

Title: Shared object library loading from writable location
Impact: High
Announced: September 17, 2013
Reporter: Vladimir Vukicevic
Products: Firefox for Android

Fixed in: Firefox 24.0

Description

Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object (.so) library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is loaded by Firefox. This would allow for accessing of all Firefox data or for malicious code to be run by Firefox. This flaw requires malicious software to be loaded on the device and is not accessible by web content.

References