PT-2014-4213 · Mozilla · Firefox Os
Bent
·
Published
2014-03-19
·
Updated
2016-11-15
·
CVE-2014-1507
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mozilla FirefoxOS versions prior to 1.2.2
Description
A directory traversal issue in the DeviceStorage API allows attackers to bypass the media sandbox protection mechanism. This enables them to read or modify arbitrary files by using a crafted application with a relative pathname for a DeviceStorageFile object.
Recommendations
For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox Os