CVE-2014-1566

medium

Description

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.

References

https://security.gentoo.org/glsa/201504-01

https://bugzilla.mozilla.org/show_bug.cgi?id=1050690

http://www.securitytracker.com/id/1030792

http://www.securityfocus.com/bid/69522

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.mozilla.org/security/announce/2014/mfsa2014-71.html

Details

Source: Mitre, NVD

Published: 2014-09-03

Updated: 2017-01-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium