CVE-2015-2714

EPSS 0.1%
Veröffentlicht 14.05.2015 10:59:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 37.0.2

Google ≫ Android Version <= 4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201605-06

http://www.securityfocus.com/bid/74611

http://www.mozilla.org/security/announce/2015/mfsa2015-52.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1149094

https://nvd.nist.gov/vuln/detail/CVE-2015-2714

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2714

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2714

EUVD