A malicious webpage could have forced a Firefox for Android user into
executing attacker-controlled JavaScript in the context of another domain,
resulting in a Universal Cross-Site Scripting vulnerability. Note: This
issue only affected Firefox for Android. Other operating systems are
unaffected. Further details are being temporarily withheld to allow users
an opportunity to update.. This vulnerability affects Firefox < 88.0.1 and
Firefox for Android < 88.1.3.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
alexmurray | As per the upstream advisory, this issue only affected Firefox for Android and so firefox on ubuntu is unaffected. |