Lucene search

[email protected]CVE-2015-2711

HistoryMay 14, 2015 - 10:59 a.m.

CVE-2015-2711

2015-05-1410:59:00

CWE-200

[email protected]

web.nvd.nist.gov

mozilla

firefox

cve-2015-2711

security

referrer policy

sensitive information

8.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
mozilla:firefoxmozilla firefoxle37.0.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
mozilla:firefox	mozilla firefox	le	37.0.2

References

lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

www.mozilla.org/security/announce/2015/mfsa2015-49.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74611

www.ubuntu.com/usn/USN-2602-1

bugzilla.mozilla.org/show_bug.cgi?id=1113431

security.gentoo.org/glsa/201605-06

8.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2015-2711

mozilla1 prion1 openvas5 ubuntucve1 archlinux1 ubuntu1 nessus8 kaspersky1 securityvulns1 freebsd1 mageia1 gentoo1