Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649
Acknowledgments: Name: the Mozilla project Upstream: Andrea Palazzo, Pedro Oliveira
Statement: This issue only affected Firefox for Android. Other operating systems are unaffected.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15649