CVE-2014-1515 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure CWE-366 — Race Condition within a Thread10 documents6 sources

Severity

4.3MEDIUMNVD

NVD1.9OSV5.5

EPSS

0.1%

top 79.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Mozilla Firefox

Timeline

PublishedMar 25

Latest updateJan 13

Description

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox31.0+2

▶Linuxlinux/linux_kernel6.2.0 — 6.6.120+3

🔴Vulnerability Details

OSV

mptcp: fallback earlier on simult connection↗2026-01-13

▶

GHSA

GHSA-fxqm-4c8h-5v9p: Mozilla Firefox before 31↗2022-05-17

▶

GHSA

GHSA-2f32-j9g6-qjhh: Mozilla Firefox before 28↗2022-05-17

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service via MPTCP race condition↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2025-71088 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)↗2015-11-25

▶

Bugzilla

CVE-2014-3648 JBoss AeroGear: DDoS via deviceToken↗2014-09-19

▶

Bugzilla

Security vulnerability: Weak randomness of profile directories↗2013-11-28

▶