Endpoint Vulnerability

Sensitive URL encoded information written to Android logcat

Description

Security researcher Muneaki Nishimura reported that Firefox for Android would write potentially sensitive data to the Android logcat that was encoded as part of logged URL strings. On Android 4.0 or earlier systems, logcat data is available to any application having READ_LOGS permission, leading to potential privacy violations.

Affected Products

Firefox

References

CVE-2015-2714,