Firefox for Android Automatic File Download to SD Card

Any file which cannot be rendered by Firefox is automatically downloaded to the SD card (/mnt/sdcard/Download), a folder which can be read by a malicious application by acquiring the READ_EXTERNAL_STORAGE permission. Interestingly, this permission was not even enforced before Android 4.4. This allows a malicious application to extract non-renderable data such as the cookies database, once it has managed to derandomize the profile directory name.