CVE-2015-7186

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 42.0 on Android

Description The issue is related to a lack of protection for service data, which can be exploited by a remote attacker using a specially crafted HTML document. This can allow the attacker to bypass access control rules and compromise data privacy. The exploitation involves bypassing the Same Origin Policy, potentially leading to unauthorized actions such as triggering a download or reading cached profile data via a file: URL in a saved HTML document.

Recommendations For Mozilla Firefox versions prior to 42.0 on Android, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of file: URLs in saved HTML documents to minimize the risk of exploitation. Restrict access to sensitive data and profile information until the update is applied.