SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
Mozilla Firefox Reader Mode Flaw Lets Remote Users Access Privileged URLs
SecurityTracker Alert ID:  1032029
SecurityTracker URL:  http://securitytracker.com/id/1032029
CVE Reference:   CVE-2015-0798   (Links to External Site)
Date:  Apr 7 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 37.0.1
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can obtain potentially sensitive information on the target system.

A remote user can create specially crafted HTML that, when loaded by the target user, will invoke 'Reader mode' and bypass security restrictions to access potentially sensitive information from privileged URLs.

The pre-release versions of Desktop Firefox are affected. The released version of Desktop Firefox does not include the vulnerable reader mode and is not affected.

Firefox for Android is also affected.

Armin Razmdjou reported this vulnerability.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   The vendor has issued a fix (37.0.1).

The vendor's advisory is available at:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/

Vendor URL:  www.mozilla.org/en-US/security/advisories/mfsa2015-43/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Android, Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC