CVE-2015-0822

Опубликовано: 24 фев. 2015

Источник: redhat

CVSS2: 4.3

Описание

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1195638Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-0822

ubuntu

больше 10 лет назад

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

CVE-2015-0822

nvd

больше 10 лет назад

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

CVE-2015-0822

debian

больше 10 лет назад

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefo ...

GHSA-7pv8-rq9p-p2xx

github

больше 3 лет назад

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

ELSA-2015-0642

oracle-oval

больше 10 лет назад

ELSA-2015-0642: thunderbird security update (IMPORTANT)

4.3 Medium

CVSS2