Mozilla Foundation Security Advisory 2015-52

Sensitive URL encoded information written to Android logcat

Announced
May 12, 2015
Reporter
Muneaki Nishimura
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 38

Description

Security researcher Muneaki Nishimura reported that Firefox for Android would write potentially sensitive data to the Android logcat that was encoded as part of logged URL strings. On Android 4.0 or earlier systems, logcat data is available to any application having READ_LOGS permission, leading to potential privacy violations.

This does not affect non-Android versions of Firefox and is mitigated in versions of Android higher than 4.0.

References