Mozilla fixed a bug in the l10n localization of the default homescreen
app of Firefox OS reported by security researcher Muneaki
Nishimura. Exploiting this issue requires tricking the user into
bookmarking a specially crafted web page via the 'Add to home screen'
functionality. As a result, an iframe
controlled by the
attacker would be executed with homescreen privileges, potentially
leading to further system compromise.