Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2014-33

File: protocol links downloaded to SD card by default

Announced
March 25, 2014
Reporter
Roee Hay
Impact
High
Products
Firefox
Fixed in
  • Firefox 28.0.1

Description

Security researcher Roee Hay reported that a hyperlink using the file: protocol on Firefox for Android could link to a local file in the Firefox profile directory. If a user selected this link on their device, the linked file would be copied to the SD card without prompting. This SD card location is world readable leading to a potential information disclosure of files in the Firefox profile through a malicious application.

References