CVE-2014-1506

2014-03-1910:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2014-1506

directory traversal

vulnerability

android

mozilla firefox

denial of service

nvd

8.5 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

74.1%

JSON

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle27.0.1
mozilla:firefoxmozilla firefoxeq0.1
mozilla:firefoxmozilla firefoxeq0.2
mozilla:firefoxmozilla firefoxeq0.3
mozilla:firefoxmozilla firefoxeq0.4
mozilla:firefoxmozilla firefoxeq0.5
mozilla:firefoxmozilla firefoxeq0.6
mozilla:firefoxmozilla firefoxeq0.6.1
mozilla:firefoxmozilla firefoxeq0.7
mozilla:firefoxmozilla firefoxeq0.7.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	27.0.1
mozilla:firefox	mozilla firefox	eq	0.1
mozilla:firefox	mozilla firefox	eq	0.2
mozilla:firefox	mozilla firefox	eq	0.3
mozilla:firefox	mozilla firefox	eq	0.4
mozilla:firefox	mozilla firefox	eq	0.5
mozilla:firefox	mozilla firefox	eq	0.6
mozilla:firefox	mozilla firefox	eq	0.6.1
mozilla:firefox	mozilla firefox	eq	0.7
mozilla:firefox	mozilla firefox	eq	0.7.1