Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS prior to 2.2 allow remote malicious users to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox os |