Mozilla Firefox prior to 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows malicious users to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and previous versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |