Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable8175.PRM
HistoryMar 26, 2014 - 12:00 a.m.

Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities

2014-03-2600:00:00
Tenable
www.tenable.com
13

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON

Versions of Mozilla Firefox older than 28.0.1 are unpatched for the following two vulnerabilities:

  • A local file disclosure vulnerability due to the way the ‘file’ protocol is handled. Of specific concern is that files in the Firefox profile directory can be copied to the SD card, which is world-readable, when hyperlinked using the ‘file:’ protocol, resulting in sensitive information disclosure. (CVE-2014-1515)

  • The ‘Math.random()’ function used by ‘saltProfileName’ function is cryptographically weak; an attacker could leverage this to predict profile directory name to aid in further attacks in conjunction with other vulnerabilities. (CVE-2014-1516)

Binary data 8175.prm

Related

thn 1
securityvulns 3
prion 3
seebug 1
cve 3
mozilla 1
cvelist 3
nvd 3
openvas 1
ubuntucve 1
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
securityvulns
securityvulns
Firefox for Android Profile Directory Derandomization and Data Exfiltration &#40;CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516&#41;
2014-03-27 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
2014-03-27 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-05-01 00:00:00
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Design/Logic Flaw
2014-03-29 20:55:00
Design/Logic Flaw
2014-09-03 10:55:00
seebug
seebug
Mozilla Firefox for Android 'file'协议信息泄露漏洞
2014-03-26 00:00:00
cve
cve
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1516
2014-03-29 20:55:04
CVE-2014-1566
2014-09-03 10:55:06
mozilla
mozilla
File: protocol links downloaded to SD card by default — Mozilla
2014-03-25 00:00:00
cvelist
cvelist
CVE-2014-1515
2014-03-25 01:00:00
CVE-2014-1516
2014-03-29 20:00:00
CVE-2014-1566
2014-09-03 10:00:00
nvd
nvd
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1516
2014-03-29 20:55:04
CVE-2014-1566
2014-09-03 10:55:06
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated
2021-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-1566
2014-09-03 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON
Related for 8175.PRM
thn1securityvulns3prion3seebug1cve3mozilla1cvelist3nvd3openvas1ubuntucve1