firefox is vulnerable to insecure cookie management. The vulnerability exists when a user downloaded a file in Firefox for Android, and if a cookie is set. The cookie was re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes.