Vulnerability Description
Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 37.0.2 |
| Android | <= 4.0 |
Related Weaknesses (CWE)
References
- http://www.mozilla.org/security/announce/2015/mfsa2015-52.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/74611
- https://bugzilla.mozilla.org/show_bug.cgi?id=1149094
- https://security.gentoo.org/glsa/201605-06
- http://www.mozilla.org/security/announce/2015/mfsa2015-52.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/74611
- https://bugzilla.mozilla.org/show_bug.cgi?id=1149094
- https://security.gentoo.org/glsa/201605-06
FAQ
What is CVE-2015-2714?
CVE-2015-2714 is a vulnerability with a CVSS score of 2.1 (LOW). Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that ...
How severe is CVE-2015-2714?
CVE-2015-2714 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2714?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Google Android.