Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...

CVE-2014-1506

Mozilla Firefox for Android prior to 28.0 (including ESR lines in some releases) contains a directory traversal vulnerability in the Android Crash Reporter. A crafted application can manipulate Crash Reporter arguments to cause local files to be transmitted to arbitrary servers or trigger a denia...