Mozilla Foundation Security Advisory 2014-21

Local file access via Open Link in new tab

Announced
March 18, 2014
Reporter
Alex Inführ
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 28

Description

Security researcher Alex Inführ reported that on Firefox for Android it is possible to open links to local files from web content by selecting "Open Link in New Tab" from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems.

References