Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1507

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2014-1507
Last Modified 19 Mar 2014 04:55:28
Published 19 Mar 2014 06:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1507

Summary

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.

Vulnerable Systems

Operating System

  • Mozilla Firefoxos 1.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=940684

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2014-25.html


Last Updated: 27 May 2016 11:04:44