Описание
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 68.11.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | Android only |
| devel | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | not-affected | Android only |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | not-affected | debian: Android specific |
| xenial | not-affected | Android only |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | not-affected | debian: Android specific |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | Android only |
| devel | DNE | |
| esm-apps/bionic | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | Android only |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | Android only |
| devel | not-affected | Android only |
| esm-apps/focal | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | Android only |
| focal | not-affected | Android only |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | Android only |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | Android only |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | Android only |
| focal | not-affected | Android only |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | Android only |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | Android only |
| devel | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | not-affected | Android only |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | not-affected | Android only |
| xenial | not-affected | Android only |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
Given an installed malicious file picker application, an attacker was ...
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
Уязвимость браузера Firefox ESR для операционных систем Android, связанная с отсутствием ограничений на загрузку файлов, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3