Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Partial
AV:N/AC:L/Au:N/C:P/I:N/A:P
Vendors | Products |
---|---|
Oracle |
|
|
|
Mozilla |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
|
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html | Third Party Advisory |
http://www.mozilla.org/security/announce/2014/mfsa2014-24.html | Vendor Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
http://www.securityfocus.com/bid/66420 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=944374 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2014-03-19T10:00:00
Updated: 2016-09-30T12:57:01
Reserved: 2014-01-16T00:00:00
Link: CVE-2014-1506
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-03-19T10:55:06.520
Modified: 2016-11-15T18:05:03.397
Link: CVE-2014-1506
JSON object: View
Redhat Information
No data.
CWE