Ken Okuyama

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 50 **Description** A malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens intended for Firefox. This issue is specific to Firefox for Android and does not affect other versions or operating systems. **Recommendations** For Firefox for Android versions prior to 50, update to version 50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 50 **Description** A previously installed malicious Android application with specific signature-level permissions can access API keys intended for Firefox. This issue is exclusive to Firefox for Android, with other versions and operating systems remaining unaffected. **Recommendations** For Firefox for Android versions prior to 50, update to version 50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 46.0 on Android versions prior to 5.0 **Description** The issue is related to insufficient access control, allowing attackers to bypass intended Signature access requirements. This can be achieved via a crafted application that leverages content-provider permissions. As a result, an attacker could read the browser history or a saved password. The vulnerability can be exploited by a remote attacker using a specially crafted application to bypass existing access restrictions. **Recommendations** For Mozilla Firefox versions prior to 46.0 on Android versions prior to 5.0, update to version 46.0 or later to resolve the issue.