Security researcher Alex Inführ reported that on
Firefox for Android it is possible to open links to local files from web content
by selecting "Open Link in New Tab" from the context menu using the
file:
protocol. The web content would have to know the precise
location of a malicious local file in order to exploit this issue. This issue
does not affect Firefox on non-Android systems.