Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1515

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2014-1515
Last Modified 01 Apr 2014 02:28:56
Published 25 Mar 2014 09:25:38
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1515

Summary

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.

Vulnerable Systems

Application

  • Mozilla Firefox 28.0


References

CONFIRM - https://www.mozilla.org/security/announce/2014/mfsa2014-33.html

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=945429

BUGTRAQ - 20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)


Last Updated: 27 May 2016 11:04:48