Mozilla Foundation Security Advisory 2015-120
Reading sensitive profile files through local HTML file on Android
- November 3, 2015
- Jordi Chancel
- Fixed in
- Firefox 42
Security researcher Jordi Chancel reported an issue in Firefox for
Android where a locally saved HTML file could use
file: URIs to trigger the
download of additional files or opening of cached profile data without user awareness.
This issue only affects Firefox for Android. Firefox on other operating systems is not affected.