CVE-2015-7195 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.6%

top 31.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 5

Latest updateMay 17

Description

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Ubuntumozilla/firefox< 42.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox41.0.2

🔴Vulnerability Details

GHSA

GHSA-m98j-9vrj-cgp2: The URL parsing implementation in Mozilla Firefox before 42↗2022-05-17

▶

OSV

firefox vulnerabilities↗2015-11-04

▶

OSV

CVE-2015-7195: The URL parsing implementation in Mozilla Firefox before 42↗2015-11-04

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

Red Hat

Mozilla: Certain escaped characters in host of Location-header are being treated as non-escaped (MFSA 2015-129)↗2015-11-04

▶

💬Community

Bugzilla

CVE-2015-7195 Mozilla: Certain escaped characters in host of Location-header are being treated as non-escaped (MFSA 2015-129)↗2015-11-03

▶