CVE-2015-7190

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 42.0 on Android through 4.4

Description The issue is related to the Search feature in Mozilla Firefox, which supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter. This allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. The vulnerability is also associated with a lack of protection for service data, which can be exploited by a remote attacker to gain access to log files using a specially crafted application.

Recommendations For Mozilla Firefox versions prior to 42.0 on Android through 4.4, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider disabling the Search feature or restricting access to the crash reporter until a patch is available.