Mozilla Firefox for Android < 42.0 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9019


The remote host has a web browser installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Firefox for Android earlier than 42.0 are affected by multiple vulnerabilities. These include:

- A flaw exists in 'mobile/android/chrome/content/browser.js' that is triggered when the device exits fullscreen mode. This allows a context-dependent attacker to spoof the address bar. (CVE-2015-7185)
- A flaw exists in 'mobile/android/components/HelperAppDialog.js' that is triggered when handling the 'file://' URI scheme. This may allow a context-dependent attacker to download arbitrary files or open cached profile data without the user knowing. (CVE-2015-7186)
- A flaw exists in 'mobile/android/search/java/org/mozilla/search/' related to the crash reporter. The issue is triggered when a registered search engine uses an Android intent to launch the program. This may allow a malicious app to gain access to local log files that may contain sensitive information or local HTML files through file: URIs. (CVE-2015-7190)
- A flaw exists in the 'IntentHelper::openNoHandler()' function in 'mobile/android/base/'. The issue is triggered when handling 'intent://' URLs during fallback navigation. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server (i.e. conduct UXSS attacks). (CVE-2015-7191)


Upgrade to Mozilla Firefox 42.0 or later from the Google Play app store.

Plugin Details

Severity: Medium

ID: 9019

Published: 12/7/2015

Updated: 3/6/2019

Dependencies: 6534

Risk Information


CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox_mobile:*:*:*:*:*:*:*:*

Patch Publication Date: 11/3/2015

Vulnerability Publication Date: 9/2/2015

Reference Information

CVE: CVE-2015-7186, CVE-2015-7185, CVE-2015-7191, CVE-2015-7190

BID: 77412