Lucene search
Mozilla FoundationMFSA2015-73HistoryAug 06, 2015 - 12:00 a.m.
Remote HTML tag injection in Gaia System app — Mozilla
2015-08-0600:00:00
Mozilla Foundation
www.mozilla.org
16
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
54.2%
Security researcher Muneaki Nishimura reported an issue with Gaia’s System app which allows an attacker to inject HTML code into the System app’s context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then presses the HOME button or uses the Show Windows function.
Affected configurations
Node
mozillafirefox_osRange<2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox_os | * | cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2015-08-08 00:59:00
cvelist
cvelist
CVE-2015-2745
2015-08-08 00:00:00
nvd
nvd
CVE-2015-2745
2015-08-08 00:59:02
cve
cve
CVE-2015-2745
2015-08-08 00:59:02
nessus
nessus
Firefox OS < 2.2 Multiple Vulnerabilities
2015-09-24 00:00:00
securityvulns
securityvulns
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
54.2%
Related for MFSA2015-73