PT-2015-5852 · Mozilla · Firefox
Muneaki Nishimura
·
Published
2015-05-14
·
Updated
2017-01-03
·
CVE-2015-2714
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 38.0 on Android
Description
The issue allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ LOGS permission for the mixed-content violation log on Android 4.0 and earlier. This is due to the improper restriction of writing URL data to the Android logging system.
Recommendations
For versions prior to 38.0, update to version 38.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox