Mozilla Firefox prior to 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows malicious users to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox 19.0.1 |
||
mozilla firefox 19.0 |