Mozilla Firefox prior to 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle malicious users to replace a theme's images and colors by modifying the client-server data stream.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
||
mozilla firefox 43.0.4 |