Published: 05/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The URL parsing implementation in Mozilla Firefox prior to 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote malicious users to obtain sensitive information via vectors involving a redirect.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped Announced November 3, 2015 Reporter Frans Rosén Impact Low Products Firefox Fixed in ...

The URL parsing implementation in Mozilla Firefox before 420 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect ...

CWE-200 http://www.mozilla.org/security/announce/2015/mfsa2015-129.html https://bugzilla.mozilla.org/show_bug.cgi?id=1211871 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.ubuntu.com/usn/USN-2785-1 http://www.securitytracker.com/id/1034069 https://usn.ubuntu.com/2785-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-7195

CVE-2015-7195

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect