Main Vulnerability Database Vulnerabilities #VU29576

#VU29576 Permissions, Privileges, and Access Controls in Firefox for Android

Published: July 8, 2020 / Updated: July 8, 2020

Vulnerability identifier: #VU29576

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage. A remote attacker can create a specially crafted web page, trick the victim into opening it and read sensitive information on de device, including cookies for other origins.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/