Lucene search
Tenable8175.PRMHistoryMar 26, 2014 - 12:00 a.m.
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
2014-03-2600:00:00
Tenable
www.tenable.com
10
Versions of Mozilla Firefox older than 28.0.1 are unpatched for the following two vulnerabilities:
-
A local file disclosure vulnerability due to the way the âfileâ protocol is handled. Of specific concern is that files in the Firefox profile directory can be copied to the SD card, which is world-readable, when hyperlinked using the âfile:â protocol, resulting in sensitive information disclosure. (CVE-2014-1515)
-
The âMath.random()â function used by âsaltProfileNameâ function is cryptographically weak; an attacker could leverage this to predict profile directory name to aid in further attacks in conjunction with other vulnerabilities. (CVE-2014-1516)
Binary data 8175.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox_mobile | cpe:/a:mozilla:firefox_mobile |
Related
securityvulns
securityvulns
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
2014-03-27 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
2014-03-27 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-05-01 00:00:00
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
seebug
seebug
Mozilla Firefox for Android 'file'ĺ莎俥ćŻćłé˛ćźć´
2014-03-26 00:00:00
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Design/Logic Flaw
2014-03-29 20:55:00
Design/Logic Flaw
2014-09-03 10:55:00
cve
cve
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated
2021-11-11 00:00:00
cvelist
cvelist
mozilla
mozilla
File: protocol links downloaded to SD card by default â Mozilla
2014-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2014-1566
2014-09-03 00:00:00
Related for 8175.PRM