CVE-2015-2744

Name of the Vulnerable Software and Affected Versions Mozilla Firefox OS versions prior to 2.2

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Search app component of Gaia in Mozilla Firefox OS. This vulnerability allows remote attackers to inject arbitrary HTML code via a crafted search link that is mishandled after re-opening the browser or opening the tab view. The exploitation of this vulnerability can enable a remote attacker to inject arbitrary HTML code using a special search query executed after restarting the browser or opening a new tab.

Recommendations For versions prior to 2.2, update to version 2.2 or later to resolve the issue.