Endpoint Vulnerability

Local file access via Open Link in new tab

Description

Security researcher Alex Inf hr reported that on Firefox for Android it is possible to open links to local files from web content by selecting 'Open Link in New Tab' from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems.

Affected Products

Firefox

References

CVE-2014-1501,