Lucene search

[email protected]CVE-2015-2714

HistoryMay 14, 2015 - 10:59 a.m.

CVE-2015-2714

2015-05-1410:59:00

CWE-264

[email protected]

web.nvd.nist.gov

mozilla

firefox

android

cve-2015-2714

security

sensitive information

vulnerability

8.4 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.5%

JSON

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle37.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	37.0.2

References

www.mozilla.org/security/announce/2015/mfsa2015-52.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74611

bugzilla.mozilla.org/show_bug.cgi?id=1149094

security.gentoo.org/glsa/201605-06

8.4 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.5%

JSON

Related for CVE-2015-2714

openvas1 ubuntucve1 prion1 mozilla1 kaspersky1 securityvulns1 nessus2 freebsd1 gentoo1