Lucene search

Mozilla FoundationMFSA2015-152

HistoryDec 30, 2015 - 12:00 a.m.

Lockscreen passcode bypass due to race condition — Mozilla

2015-12-3000:00:00

Mozilla Foundation

www.mozilla.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

Shally Li was first to report a race condition in the lockscreen of Firefox OS that can be used to bypass the passcode lock of a Firefox OS device. Under certain circumstances on a locked device, the user will be dropped directly to the homescreen instead of being presented with the passcode input dialog.

Affected configurations

Vulners

Node

mozillafirefox_osRange<2.5

VendorProductVersionCPE
mozillafirefox_os*cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox_os	*	cpe:2.3:o:mozilla:firefox_os::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8511

bugzilla.mozilla.org/show_bug.cgi?id=1173284

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

Related for MFSA2015-152