Endpoint Vulnerability

Reading sensitive profile files through local HTML file on Android

Description

Security researcher Jordi Chancel reported an issue in Firefox for Android where a locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness.

Affected Products

Firefox

References

CVE-2015-7186,