Mozilla Foundation Security Advisory 2020-27

Security Vulnerabilities fixed in Firefox for Android 68.10.1

Announced
July 6, 2020
Impact
critical
Products
Firefox
Fixed in
  • Firefox 68.10.1

#CVE-2020-15647: Arbitrary local file access in Firefox for Android

Reporter
Pedro Oliveira
Impact
critical
Description

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins.

References