Mozilla Foundation Security Advisory 2014-06

Profile path leaks to Android system log

Announced

February 4, 2014

Reporter

Roee Hay

Impact

Moderate

Products

Firefox

Fixed in

Firefox 27

Description

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also independently reported by Mozilla developer Richard Newman.

References

Fennec leaks profile path to logcat (CVE-2014-1484)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2014-06

Profile path leaks to Android system log

Description

References