Closed Bug 1152575 Opened 10 years ago Closed 4 years ago

ReaderMode.jsm shouldn't use MD5

Categories

(Firefox for Android Graveyard :: Reader View, defect, P5)

All
Android
defect

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: Dolske, Unassigned)

ReaderMode.jsm uses MD5 to hash the URL of a reading list article, to store it for offline access. MD5 is generally best avoided, although in this case it doesn't seem like much of a practical risk...

Someone could craft a URL that, when hashed, collides with some other hashed URL. And thus replaces one cached article with their own. You'd have to add both to your reading list, and the attacker would need to know an existing article in your list. (Or collide with a URL you add later, in which case the attacker's URL would be shown with the target's content, but that seems uninteresting.) We don't execute code from a cached page, but the content would appear (in reader view) with the other site's URL in the location bar.

Should be a trivial fix (s/MD5/SHA256/), although if we want to worry about migrating existing cached content it would be more complex. Could also add "noOverwrite: true" to the OS.File.writeAtomic call, to block collisions from overwriting an existing file.

[Also this should be Android-only, as desktop isn't yet caching articles this way.]
Blocks: 1007409
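A sketch of the two mitigations the report suggests, written for Node.js as an added example (not ReaderMode.jsm code and not part of the original report): file names come from SHA-256, and the exclusive-create flag `wx` stands in for `noOverwrite: true`. Storing the URL inside the record and checking it on read is an extra assumption of this example, and all function names are hypothetical.

```javascript
// Added example (Node.js); not ReaderMode.jsm code. All names are hypothetical.
const crypto = require("node:crypto");
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Derive the cache file name from the article URL with SHA-256 instead of MD5.
function cacheFileName(url) {
  return crypto.createHash("sha256").update(url, "utf8").digest("hex") + ".json";
}

// Store an article. The "wx" flag makes the write fail if the file already
// exists, playing the role the report gives to noOverwrite: true.
function storeArticle(dir, url, content) {
  const file = path.join(dir, cacheFileName(url));
  const record = JSON.stringify({ url, content });
  try {
    fs.writeFileSync(file, record, { flag: "wx" });
    return "stored";
  } catch (err) {
    if (err.code !== "EEXIST") throw err;
    // Name already taken: only the same URL may refresh its own entry.
    const existing = JSON.parse(fs.readFileSync(file, "utf8"));
    if (existing.url !== url) return "rejected";
    fs.writeFileSync(file, record);
    return "updated";
  }
}

// Load an article, refusing a record that was stored for a different URL.
function loadArticle(dir, url) {
  const file = path.join(dir, cacheFileName(url));
  if (!fs.existsSync(file)) return null;
  const record = JSON.parse(fs.readFileSync(file, "utf8"));
  return record.url === url ? record.content : null;
}

// Constructed demo: URLs and contents are sample data in a temp directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "reader-cache-"));
  const a = "https://example.com/article-a";
  const b = "https://example.org/article-b";
  const first = storeArticle(dir, a, "original text");
  const again = storeArticle(dir, a, "new text");
  // Simulate a name clash: a record for URL a already sits under b's file name.
  const planted = JSON.stringify({ url: a, content: "x" });
  fs.writeFileSync(path.join(dir, cacheFileName(b)), planted);
  const clash = storeArticle(dir, b, "b text");
  return { first, again, clash, readA: loadArticle(dir, a), readB: loadArticle(dir, b) };
}
```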
Moving this to Android as it's effectively Android-only code.
Component: Reader Mode → Reader View
Product: Toolkit → Firefox for Android
We have completed our launch of our new Firefox on Android. The development of the new versions uses GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix), an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report, please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE
Product: Firefox for Android → Firefox for Android Graveyard