Lucene search

[email protected]CVE-2015-7191

HistoryNov 05, 2015 - 5:59 a.m.

CVE-2015-7191

2015-11-0505:59:15

CWE-79

[email protected]

web.nvd.nist.gov

mozilla

firefox

android

xss

vulnerability

cve-2015-7191

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka “Universal XSS (UXSS).”

Affected configurations

NVD

Node

mozillafirefoxRange≤41.0.2

AND

googleandroid

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle41.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	41.0.2

References

lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

www.mozilla.org/security/announce/2015/mfsa2015-125.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1034069

bugzilla.mozilla.org/show_bug.cgi?id=1208956

security.gentoo.org/glsa/201512-10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVE-2015-7191

ubuntucve1 prion1 cvelist1 nvd1 mozilla1 nessus4 suse1 freebsd1 kaspersky1 openvas2 ibm1 gentoo1