CVE-2015-2714Mozilla Firefox vulnerability

CWE-2642 documents2 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 72.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMay 14
Latest updateMay 17

Description

Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox37.0.2

🔴Vulnerability Details

1
GHSA
GHSA-g2r3-r98c-7g53: Mozilla Firefox before 382022-05-17