Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-7190
HistoryNov 05, 2015 - 12:00 a.m.

CVE-2015-7190

2015-11-0500:00:00
ubuntu.com
ubuntu.com
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.2%

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4
supports search-engine URL registration through an intent and can access
this URL in a privileged context in conjunction with the crash reporter,
which allows attackers to read log files and visit file: URLs of HTML
documents via a crafted application.

Notes

Author Note
chrisccoulson Android only

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.2%