Lucene search
Mozilla FoundationMFSA2015-72HistoryAug 06, 2015 - 12:00 a.m.
Remote HTML tag injection in Gaia Search app — Mozilla
2015-08-0600:00:00
Mozilla Foundation
www.mozilla.org
20
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
46.6%
Security researcher Muneaki Nishimura reported an issue with Gaia’s Search app which allows an attacker to inject HTML code into the System app’s context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then re-opens the browser or opens the tab view.
Affected configurations
Node
mozillafirefox_osRange<2.2
Related
cve
cve
CVE-2015-2744
2015-08-08 00:59:00
nvd
nvd
CVE-2015-2744
2015-08-08 00:59:00
prion
prion
Cross site scripting
2015-08-08 00:59:00
cvelist
cvelist
CVE-2015-2744
2015-08-08 00:00:00
nessus
nessus
Firefox OS < 2.2 Multiple Vulnerabilities
2015-09-24 00:00:00
securityvulns
securityvulns
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
46.6%
Related for MFSA2015-72