Mozilla Foundation Security Advisory 2017-04

Security vulnerabilities fixed in Firefox 51.0.3

Announced
February 9, 2017
Impact
critical
Products
Firefox
Fixed in
  • Firefox 51.0.3

Firefox 51.0.3 is an Android only release. The security issue listed does not affect Firefox for other operating systems.

#CVE-2017-5397: Firefox for Android cache directory is world writable

Reporter
Jim Chen
Impact
critical
Description

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions.

References