CVE-2015-2711 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

4.3MEDIUMNVD

OSV7.5

EPSS

0.5%

top 33.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Opensuse

Timeline

PublishedMay 14

Latest updateMay 14

Description

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Ubuntumozilla/firefox< 38.0+build3-0ubuntu0.14.04.1

▶NVDmozilla/firefox37.0.2

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-wffm-6f65-w6fm: Mozilla Firefox before 38↗2022-05-14

▶

OSV

firefox vulnerabilities↗2015-05-13

▶

OSV

CVE-2015-2711: Mozilla Firefox before 38↗2015-05-13

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-05-13

▶

Red Hat

Mozilla: <meta name="referrer"> is ignored for navigations from the context menu and via a middle-click (MFSA 2015-49)↗2015-05-12

▶

💬Community

Bugzilla

CVE-2015-2711 Mozilla: <meta name="referrer"> is ignored for navigations from the context menu and via a middle-click (MFSA 2015-49)↗2015-05-12

▶