CVE-2014-1506

MEDIUM

Description

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.

References

http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html

http://www.mozilla.org/security/announce/2014/mfsa2014-24.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/66420

https://bugzilla.mozilla.org/show_bug.cgi?id=944374

Details

Source: MITRE

Published: 2014-03-19

Updated: 2016-11-15

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM