Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2014-33
HistoryMar 25, 2014 - 12:00 a.m.

File: protocol links downloaded to SD card by default — Mozilla

2014-03-2500:00:00
Mozilla Foundation
www.mozilla.org
27

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

41.2%

JSON

Security researcher Roee Hay reported that a hyperlink using the file: protocol on Firefox for Android could link to a local file in the Firefox profile directory. If a user selected this link on their device, the linked file would be copied to the SD card without prompting. This SD card location is world readable leading to a potential information disclosure of files in the Firefox profile through a malicious application.

Affected configurations

Vulners
Node
mozillafirefoxRange<28.0.1
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Related

prion 2
seebug 1
cve 2
nvd 2
openvas 1
cvelist 2
nessus 1
ubuntucve 1
thn 1
securityvulns 3
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Design/Logic Flaw
2014-09-03 10:55:00
seebug
seebug
Mozilla Firefox for Android 'file'协议信息泄露漏洞
2014-03-26 00:00:00
cve
cve
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1566
2014-09-03 10:55:06
nvd
nvd
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1566
2014-09-03 10:55:06
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated
2021-11-11 00:00:00
cvelist
cvelist
CVE-2014-1515
2014-03-25 01:00:00
CVE-2014-1566
2014-09-03 10:00:00
nessus
nessus
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
2014-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2014-1566
2014-09-03 00:00:00
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
securityvulns
securityvulns
Firefox for Android Profile Directory Derandomization and Data Exfiltration &#40;CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516&#41;
2014-03-27 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-05-01 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
2014-03-27 00:00:00

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

41.2%

JSON
Related for MFSA2014-33
prion2seebug1cve2nvd2openvas1cvelist2nessus1ubuntucve1thn1securityvulns3