Endpoint Vulnerability

XSS attack through intents on Firefox for Android

Description

Security researcher Muneaki Nishimura reported that on Firefox for Android that it is possible to create a cross-site script (XSS) attack through the use of Android intents and fallback navigation. This issue is caused by improper sterilization of opened addresses sent to Firefox through intents.

Affected Products

Firefox

References

CVE-2015-7191,