Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Mozilla Releases security update

Number: AV17-021
Date: 14 February 2017

Purpose

The purpose of this advisory is to raise awareness of a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in Mozilla Firefox for Android devices for which an update is now available.

Assessment

Mozilla has released a security update for Firefox for Android devices which address an issue where the cache directory is world writable. The severity of this issue is considered to be critical.

This vulnerability has been fixed in version 51.0.3 of Firefox.

CVE References: CVE-2017-5397

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/

Date modified: