Lucene search
Mozilla FoundationMFSA2014-33HistoryMar 25, 2014 - 12:00 a.m.
File: protocol links downloaded to SD card by default — Mozilla
2014-03-2500:00:00
Mozilla Foundation
www.mozilla.org
13
0.001 Low
EPSS
Percentile
40.7%
Security researcher Roee Hay reported that a hyperlink using the file: protocol on Firefox for Android could link to a local file in the Firefox profile directory. If a user selected this link on their device, the linked file would be copied to the SD card without prompting. This SD card location is world readable leading to a potential information disclosure of files in the Firefox profile through a malicious application.
Related
cve
cve
CVE-2014-1515
2014-03-25 13:25:00
CVE-2014-1566
2014-09-03 10:55:00
cvelist
cvelist
CVE-2014-1515
2014-03-25 01:00:00
CVE-2014-1566
2014-09-03 10:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated
2021-11-11 00:00:00
seebug
seebug
Mozilla Firefox for Android 'file'协议信息泄露漏洞
2014-03-26 00:00:00
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Design/Logic Flaw
2014-09-03 10:55:00
nessus
nessus
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
2014-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2014-1566
2014-09-03 00:00:00
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
securityvulns
securityvulns