9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
72.1%
Mozlla developer Ben Turner discovered that the protection against Directory Traversal through the DeviceStorage API was implemented in the wrong process on Firefox OS. If a Firefox OS application with any device-storage permissions were compromised an attacker could escape the media sandbox and potentially read or write any file on the device, depending on the permission level of the application
CPE | Name | Operator | Version |
---|---|---|---|
firefox os | lt | 1.2.2 | |
firefox os | lt | 1.3 |