CVE-2014-1501: Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open…

medium5.8CVSS 3.1

AVNACMAuNCPIPAN

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

Affected

204 ranges· showing 25

Vendor	Product	Version range	Fixed in
mozilla	firefox	<= 27.0.1	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—
mozilla	firefox	—	—