Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities



The remote host has a web browser installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Firefox older than 28.0.1 are unpatched for the following two vulnerabilities:

- A local file disclosure vulnerability due to the way the 'file' protocol is handled. Of specific concern is that files in the Firefox profile directory can be copied to the SD card, which is world-readable, when hyperlinked using the 'file:' protocol, resulting in sensitive information disclosure. (CVE-2014-1515)

- The 'Math.random()' function used by 'saltProfileName' function is cryptographically weak; an attacker could leverage this to predict profile directory name to aid in further attacks in conjunction with other vulnerabilities. (CVE-2014-1516)


Upgrade to Mozilla Firefox 28.0.1 for Android (or later) from the Google Play app store.