CVE-2014-1506

medium

Description

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=944374

http://www.securityfocus.com/bid/66420

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.mozilla.org/security/announce/2014/mfsa2014-24.html

http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html

Details

Source: Mitre, NVD

Published: 2014-03-19

Updated: 2016-11-15

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium