Lucene search

[email protected]CVE-2015-7211

HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7211

2015-12-1611:59:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-7211

mozilla firefox

web spoofing

data uri

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

Affected configurations

NVD

Node

mozillafirefoxRange≤42.0

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle42.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	42.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

www.mozilla.org/security/announce/2015/mfsa2015-141.html

www.securityfocus.com/bid/79280

www.securitytracker.com/id/1034426

www.ubuntu.com/usn/USN-2833-1

bugzilla.mozilla.org/show_bug.cgi?id=1221444

security.gentoo.org/glsa/201512-10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2015-7211

nvd1 mozilla1 openvas6 ubuntucve1 cvelist1 prion1 freebsd1 ubuntu1 nessus11 archlinux1 kaspersky1 mageia1 gentoo1