Mozilla Foundation Security Advisory 2013-87
Title: Shared object library loading from
Announced: September 17, 2013
Reporter: Vladimir Vukicevic
Products: Firefox for Android
Fixed in: Firefox 24.0
Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object (.so) library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is loaded by Firefox. This would allow for accessing of all Firefox data or for malicious code to be run by Firefox. This flaw requires malicious software to be loaded on the device and is not accessible by web content.