Mozilla Firefox prior to 42.0 on Android improperly restricts URL strings in intents, which allows malicious users to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |