Mozilla Firefox CVE-2016-2810 Weak Authentication Vulnerability

description-logoDescription

Security researcher Ken Okuyama reported an issue on Firefox for Android where a previously installed malicious application can access content provider permissions for Firefox in order to read data. This data includes browser history and locally saved passwords. This issue occurs when a list of permissions is defined to match those that Firefox uses for content providers and bypasses signature protections. This issue does not occur on Android 5.0 or later versions of Android.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-2810