CVE-2019-9798

Summary

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. Note: This issue only affects Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 66.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 66affected

Weaknesses

  • Library is loaded from world writable APITRACE_LIB location

ADP Enrichment

CVE Program Container

Additional References

References