Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623121201433HistoryNov 11, 2021 - 12:00 a.m.
Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated
2021-11-1100:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
9
mozilla firefox
security update
deprecated
file protocol
sd card
information disclosure
vulnerable package.
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
41.2%
This host is missing a security update for Mozilla Firefox.
This VT has been deprecated and is therefore no longer functional.
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.2.1.2014.33");
script_cve_id("CVE-2014-1515");
script_tag(name:"creation_date", value:"2021-11-11 09:42:47 +0000 (Thu, 11 Nov 2021)");
script_version("2024-04-04T05:05:25+0000");
script_tag(name:"last_modification", value:"2024-04-04 05:05:25 +0000 (Thu, 04 Apr 2024)");
script_tag(name:"cvss_base", value:"1.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_name("Mozilla Firefox Security Advisory (MFSA2014-33) - Deprecated");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("General");
script_xref(name:"Advisory-ID", value:"MFSA2014-33");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-33/");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=945429");
script_tag(name:"summary", value:"This host is missing a security update for Mozilla Firefox.
This VT has been deprecated and is therefore no longer functional.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"File: protocol links downloaded to SD card by default
Security researcher Roee Hay reported that a hyperlink using
the file: protocol on Firefox for Android could link to a local
file in the Firefox profile directory. If a user selected this link on their
device, the linked file would be copied to the SD card without prompting.
This SD card location is world readable leading to a potential information
disclosure of files in the Firefox profile through a malicious application.");
script_tag(name:"affected", value:"Firefox version(s) below 28.0.1.");
script_tag(name:"solution", value:"The vendor has released an update. Please see the reference(s) for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version_unreliable");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66);
Related
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Design/Logic Flaw
2014-09-03 10:55:00
seebug
seebug
Mozilla Firefox for Android 'file'协议信息泄露漏洞
2014-03-26 00:00:00
cve
cve
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1566
2014-09-03 10:55:06
mozilla
mozilla
File: protocol links downloaded to SD card by default — Mozilla
2014-03-25 00:00:00
nvd
nvd
CVE-2014-1515
2014-03-25 13:25:38
CVE-2014-1566
2014-09-03 10:55:06
cvelist
cvelist
CVE-2014-1515
2014-03-25 01:00:00
CVE-2014-1566
2014-09-03 10:00:00
ubuntucve
ubuntucve
CVE-2014-1566
2014-09-03 00:00:00
nessus
nessus
Mozilla Firefox for Android < 28.0.1 Multiple Vulnerabilities
2014-03-26 00:00:00
thn
thn
Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information
2014-03-26 22:00:00
securityvulns
securityvulns
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
41.2%
Related for OPENVAS:13614125623121201433