Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2013-33

World read and write access to app_tmp directory on Android

Announced
April 2, 2013
Reporter
Shuichiro Suzuki
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 20

Description

Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation.

This vulnerability only affects Firefox for Android.

References