CVE-2014-1566

MEDIUM

Description

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.

References

http://www.mozilla.org/security/announce/2014/mfsa2014-71.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/69522

http://www.securitytracker.com/id/1030792

https://bugzilla.mozilla.org/show_bug.cgi?id=1050690

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-09-03

Updated: 2017-01-07

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM