Published: 18/09/2013 Updated: 03/10/2013
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 405
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

Mozilla Firefox prior to 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

Affected Products

Vendor | Product | Versions
Mozilla | Firefox | 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1

Vendor Advisories

Same-origin bypass through symbolic links
Announced: September 17, 2013
Reporter: Takeshi Terada
Impact: Moderate
Products: Firefox
Fixed in: Firefox 24
...


source: www.securityfocus.com/bid/62480/info

Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be use ...

Mailing Lists

Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links ...