A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.
References
Link | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2020-13/ | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1617928 | Issue Tracking Permissions Required |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-04-24 09:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-6828
Mitre link : CVE-2020-6828
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
- android
mozilla
- firefox_esr