Mozilla Foundation Security Advisory 2015-52
Sensitive URL encoded information written to Android logcat
- Announced
- May 12, 2015
- Reporter
- Muneaki Nishimura
- Impact
- Moderate
- Products
- Firefox
- Fixed in
-
- Firefox 38
Description
Security researcher Muneaki Nishimura reported that Firefox
for Android would write potentially sensitive data to the Android
logcat that was encoded as part of logged URL strings. On Android
4.0 or earlier systems, logcat data is available to any application
having READ_LOGS permission, leading to potential privacy
violations.
This does not affect non-Android versions of Firefox and is mitigated in versions of Android higher than 4.0.