Endpoint Vulnerability

World read and write access to app_tmp directory on Android

Description

Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the app_tmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are temporarily stored in the app_tmp directory before installation.

Affected Products

Firefox

References

CVE-2013-0798,