Mozilla Firefox for Android < 32 / 31.1 'file:' Protocol Directory Access

Nessus Network Monitor Plugin ID 8372 (severity: Low)

Synopsis

The remote Android host was detected using an outdated version of Mozilla Firefox.

Description

Versions of Mozilla Firefox older than 32 (or 31.1) contain an information disclosure vulnerability in which a `file:` protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. A previous version addressed this issue only incompletely; it has since been more fully patched.

Solution

Upgrade to Mozilla Firefox for Android version 32 or 31.1, or later, from the Google Play app store.

See Also

http://www.mozilla.org/security/announce

http://www.mozilla.org/security/announce/2014/mfsa2014-71.html

Plugin Details

Severity: Low

ID: 8372

Family: Web Clients

Published: 9/2/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 2.9

Temporal Score: 2.8

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_mobile

Patch Publication Date: 9/2/2014

Vulnerability Publication Date: 9/2/2014

Reference Information

CVE: CVE-2014-1515, CVE-2014-1566

BID: 66393, 69522