CVE-2015-7186 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 5

Latest updateMay 17

Description

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox41.0.2

🔴Vulnerability Details

GHSA

GHSA-h4w5-cf4g-67h6: Mozilla Firefox before 42↗2022-05-17

▶

💬Community

Bugzilla

file: URIs SOP Bypass: local HTML file can lead to file stealing (similar to CVE-2015-7186)↗2019-06-10

▶