CVE-2015-0822 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure11 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 29.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR

Timeline

PublishedFeb 25

Latest updateMay 17

Description

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶Ubuntumozilla/firefox< 36.0+build2-0ubuntu0.14.04.4+1

▶NVDmozilla/firefox35.0.1+215

▶NVDmozilla/firefox_esr5 versions+4

▶Ubuntumozilla/thunderbird< 1:31.5.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.4+4

🔴Vulnerability Details

GHSA

GHSA-7pv8-rq9p-p2xx: The Form Autocompletion feature in Mozilla Firefox before 36↗2022-05-17

▶

OSV

firefox regression↗2015-03-09

▶

OSV

thunderbird vulnerabilities↗2015-03-03

▶

OSV

firefox vulnerabilities↗2015-02-25

▶

OSV

CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 36↗2015-02-25

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-03-09

▶

Ubuntu

Thunderbird vulnerabilities↗2015-03-03

▶

Ubuntu

Firefox vulnerabilities↗2015-02-25

▶

Red Hat

Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)↗2015-02-24

▶

💬Community

Bugzilla

CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)↗2015-02-24

▶