CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
48.7%
Versions of Mozilla Firefox older than 28.0.1 are unpatched for the following two vulnerabilities:
A local file disclosure vulnerability due to the way the âfileâ protocol is handled. Of specific concern is that files in the Firefox profile directory can be copied to the SD card, which is world-readable, when hyperlinked using the âfile:â protocol, resulting in sensitive information disclosure. (CVE-2014-1515)
The âMath.random()â function used by âsaltProfileNameâ function is cryptographically weak; an attacker could leverage this to predict profile directory name to aid in further attacks in conjunction with other vulnerabilities. (CVE-2014-1516)
Binary data 8175.prm