Описание
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.
The Search feature in Mozilla Firefox before 42.0 on Android through 4 ...
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.
Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к лог-файлам
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey
EPSS
5 Medium
CVSS2