Published: 03/09/2014 Updated: 07/01/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows malicious users to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 30.0
mozilla firefox

Mozilla Foundation Security Advisory 2014-71 Profile directory file access through file: protocol Announced September 2, 2014 Reporter Yu Dongsong Impact High Products Firefox, SeaMonkey Fixed in ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=1050690 http://www.mozilla.org/security/announce/2014/mfsa2014-71.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030792 http://www.securityfocus.com/bid/69522 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2014-71/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1566

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect