Launchpad.net

CVE 2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.

See the CVE page on Mitre.org for more details.