A vulnerability in the mobile version of the Firefox browser exposed victims’ local files to attackers when the victim visited a specially crafted web page.
The security bug, which impacted mobile devices running the Firefox app for Android, allowed a malicious website to steal sensitive files, including cookies from any previously visited site.
This was due, in part, to the way Firefox uses content:// URIs, which enable Android devices to identify data in a content provider and can represent various files or database information.
Security researcher Pedro Oliveira, who discovered the bug, explained: “When I tested Firefox’s use of content URIs, I noticed the address bar was changing while rendering the URI, redirecting me to a file:// URI.”
He added: “It appeared that Firefox was saving the content to a file, and then redirecting me to that [newly] created file – the file was being saved in the internal temporary folder /data/data/org.mozilla/firefox/cache/contentUri/.”