Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox for Android < 32 / 31.1 'file:' Protocol Directory Access

Low

Synopsis

The remote Android host was detected using an outdated version of Mozilla Firefox.

Description

Versions of Mozilla Firefox older than 32 (or 31.1) contain an information disclosure vulnerability wherein a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was only incompletely addressed by a previous version but has since been more fully patched.

Solution

Upgrade to Mozilla Firefox for Android, versions 32 or 31.1 or later, from the Google Play app store.