Endpoint Vulnerability

Profile directory file access through file: protocol

Description

Security researcher Yu Dongsong reported on Firefox for Android that a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was previously addressed in Mozilla Foundation Security Advisory 2014-33 but not completely.

Affected Products

Firefox

References

CVE-2014-1566,