CVE-2019-9798
N/A
N/A
Summary
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. Note: This issue only affects Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 66.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 66 | affected |
Weaknesses
- Library is loaded from world writable APITRACE_LIB location
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2019-07/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1527534
References
- https://www.mozilla.org/security/advisories/mfsa2019-07/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1527534
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.