Mozilla Foundation Security Advisory 2012-71

Insecure use of __android_log_print

Announced
August 28, 2012
Reporter
Blake Kaplan
Impact
High
Products
Firefox
Fixed in
  • Firefox 15

Description

Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash.

This vulnerability only affects Firefox for Android.

References