CVE-2014-1515

Severity Score

1.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.

Mozilla Firefox anterior a 28.0.1 en Android procesa un archivo: URL copiando un archivo local a la tarjeta SD, lo que permite a atacantes obtener información sensible del directorio de perfil de Firefox a través de una aplicación manipulada.

*Credits: N/A

CVSS Scores

NISTv2 1.9

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-01-16 CVE Reserved
2014-03-25 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html	Mailing List
https://bugzilla.mozilla.org/show_bug.cgi?id=945429	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mozilla.org/security/announce/2014/mfsa2014-33.html	2014-04-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	<= 28.0 Search vendor "Mozilla" for product "Firefox" and version " <= 28.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe