Mozilla Foundation Security Advisory 2015-75
COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
- August 6, 2015
- Kartikaya Gupta
- Firefox OS
- Fixed in
- Firefox OS 2.2
Kartikaya Gupta of Mozilla reported an issue within the Firefox Accounts setup dialog that would embed content from a static external URI into the System process. An attacker in a position to control a vulnerable device's network connection could use this to inject arbitrary web content into the System app.