Insecure use of __android_log_print

ID MFSA2012-71
Type mozilla
Reporter Mozilla Foundation
Modified 2012-08-28T00:00:00


Mozilla developer Blake Kaplan reported that __android_log_print is called insecurely in places. If a malicious web page used a dump() statement with a specially crafted string, it can trigger a potentially exploitable crash.

This vulnerability only affects Firefox for Android.