N/A

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.

N/A

N/A

Mozilla Firefox ESR 缓冲区错误漏洞

Mozilla Firefox ESR是美国Mozilla基金会的Firefox(Web浏览器)的一个延长支持版本。 基于Android平台的Mozilla Firefox ESR 68.7之前版本中存在安全漏洞。攻击者可借助恶意的偏好值利用该漏洞覆盖用户的偏好设置，执行任意代码。

N/A

N/A