Published: 05/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Search feature in Mozilla Firefox prior to 42.0 on Android up to and including 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows malicious users to read log files and visit file: URLs of HTML documents via a crafted application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Mozilla Foundation Security Advisory 2015-124 Android intents can be used on Firefox for Android to open privileged files Announced November 3, 2015 Reporter Muneaki Nishimura Impact Moderate Products Firefox Fixed in ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=1208520 http://www.mozilla.org/security/announce/2015/mfsa2015-124.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.securitytracker.com/id/1034069 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-7190

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect