Versions of Mozilla Firefox older than 28.0.1 are unpatched for the following two vulnerabilities:
A local file disclosure vulnerability due to the way the âfileâ protocol is handled. Of specific concern is that files in the Firefox profile directory can be copied to the SD card, which is world-readable, when hyperlinked using the âfile:â protocol, resulting in sensitive information disclosure. (CVE-2014-1515)
The âMath.random()â function used by âsaltProfileNameâ function is cryptographically weak; an attacker could leverage this to predict profile directory name to aid in further attacks in conjunction with other vulnerabilities. (CVE-2014-1516)
Binary data 8175.prm
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox_mobile | cpe:/a:mozilla:firefox_mobile |