Fatal0

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 86 Description: The issue is a time-of-check-time-of-use vulnerability that allows a malicious application to read sensitive data from application directories. This problem is specific to Firefox for Android, with other operating systems being unaffected. Recommendations: For Firefox for Android versions prior to 86, update to version 86 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive application directories until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word for Android (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Word for Android, which can be exploited by a remote attacker to execute arbitrary code. To exploit the issue, an attacker would need to convince a user to open a specially crafted URL file. The exploitation allows for remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 68.7 Firefox ESR versions prior to 68.7 **Description** A malicious Android application could craft an Intent that would be processed by Firefox for Android, potentially resulting in a file overwrite in the user's profile directory. This could lead to the supply of a user.js file with arbitrary malicious preference values, allowing control of arbitrary preferences. This level of control is generally equivalent to arbitrary code execution. **Recommendations** For Firefox for Android versions prior to 68.7, update to version 68.7 or later. For Firefox ESR versions prior to 68.7, update to version 68.7 or later.