Firefox AUS (Application Update Service) Security Audit Report By German X41 D-SEC GMBH

In Summary :

X41 D-Sec GmbH performed a technical security audit of the Firefox Application Update Service (AUS) in March and April 2018 to asses the service for potential security vulnerabilities. The Firefox AUS handles software updates on desktop and Android platforms. It comprises server-side

backend services that expose public APIs returning XML documents to allow Firefox clients to retrieve update files. Clients poll the API at regular intervals and download updates when needed.

A total of 14 vulnerabilities were discovered during the test by X41 D-Sec GmbH. No vulnerabilities were rated as critical, three were classified as high severity, seven as medium, and four as low. Additionally, 21 issues without a direct security impact were identified.[...]

kindly refer the following link as follow up :
https://ift.tt/2OU9HkW