Mozilla Firefox for Android < 32 / 31.1 'file:' Protocol Directory Access

Low Nessus Network Monitor Plugin ID 8372


The remote Android host was detected using an outdated version of Mozilla Firefox.


Versions of Mozilla Firefox older than 32 (or 31.1) contain an information disclosure vulnerability wherein a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was only incompletely addressed by a previous version but has since been more fully patched.


Upgrade to Mozilla Firefox for Android, versions 32 or 31.1 or later, from the Google Play app store.

See Also

Plugin Details

Severity: Low

ID: 8372

Family: Web Clients

Published: 2014/09/02

Modified: 2018/09/16

Dependencies: 6534

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 2.9

Temporal Score: 2.8


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_mobile

Patch Publication Date: 2014/09/02

Vulnerability Publication Date: 2014/09/02

Reference Information

CVE: CVE-2014-1566, CVE-2014-1515

BID: 66393, 69522