[email protected]CVE-2015-7195

HistoryNov 05, 2015 - 5:59 a.m.

CVE-2015-7195

2015-11-0505:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-7195

mozilla firefox

url parsing

escaped characters

sensitive information

nvd

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle41.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	41.0.2

References

lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

www.mozilla.org/security/announce/2015/mfsa2015-129.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1034069

www.ubuntu.com/usn/USN-2785-1

bugzilla.mozilla.org/show_bug.cgi?id=1211871

security.gentoo.org/glsa/201512-10

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2015-7195

openvas7 mozilla1 ubuntucve1 prion1 mageia1 ubuntu1 nessus7 archlinux1 suse1 freebsd1 kaspersky1 ibm1 gentoo1