CVE-2020-15650

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 68.11

Description The issue is related to insecure privilege management in Firefox ESR for Android, allowing an attacker to overwrite local files, including Firefox settings, if a malicious file picker application is installed. This does not allow access to the previous profile. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Firefox ESR versions prior to 68.11, update to version 68.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of file picker applications to minimize the risk of exploitation.