Lucene search

[email protected]NVD:CVE-2015-5961

HistoryAug 08, 2015 - 12:59 a.m.

CVE-2015-5961

2015-08-0800:59:06

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

31.9%

JSON

The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.

Affected configurations

Nvd

Node

mozillafirefox_osRange≤2.1.0

VendorProductVersionCPE
mozillafirefox_os*cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox_os	*	cpe:2.3:o:mozilla:firefox_os::::::::

References

www.mozilla.org/security/announce/2015/mfsa2015-75.html

www.securityfocus.com/bid/76255

bugzilla.mozilla.org/show_bug.cgi?id=1123433

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

31.9%

JSON

Related for NVD:CVE-2015-5961

prion1 cvelist1 cve1 nessus1