[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-0822Date: (C)2015-02-25   (M)2024-03-27


The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1031791
SECTRACK-1031792
BID-72756
DSA-3174
DSA-3179
GLSA-201504-01
RHSA-2015:0265
RHSA-2015:0266
RHSA-2015:0642
SUSE-SU-2015:0412
SUSE-SU-2015:0446
SUSE-SU-2015:0447
USN-2505-1
USN-2506-1
http://www.mozilla.org/security/announce/2015/mfsa2015-24.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1110557
openSUSE-SU-2015:0404
openSUSE-SU-2015:0448
openSUSE-SU-2015:0567
openSUSE-SU-2015:0570
openSUSE-SU-2015:1266

CPE    244
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:20.0.1
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
...
CWE    1
CWE-200
OVAL    26
oval:org.secpod.oval:def:502177
oval:org.secpod.oval:def:23686
oval:org.secpod.oval:def:23685
oval:org.secpod.oval:def:52420
...

© SecPod Technologies