The Search feature in Mozilla Firefox prior to 42.0 on Android up to and including 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows malicious users to read log files and visit file: URLs of HTML documents via a crafted application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |