CVE-2015-0822

Sažetak

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
http://rhn.redhat.com/errata/RHSA-2015-0265.html
http://rhn.redhat.com/errata/RHSA-2015-0266.html
http://rhn.redhat.com/errata/RHSA-2015-0642.html
http://www.debian.org/security/2015/dsa-3174
http://www.debian.org/security/2015/dsa-3179
http://www.mozilla.org/security/announce/2015/mfsa2015-24.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72756
http://www.securitytracker.com/id/1031791
http://www.securitytracker.com/id/1031792
http://www.ubuntu.com/usn/USN-2505-1
http://www.ubuntu.com/usn/USN-2506-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1110557
https://security.gentoo.org/glsa/201504-01

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-10-2024 - 13:55

Objavljeno

25-02-2015 - 11:59