CVE-2014-1484
CVSS 5.0
Published: 2014-02-06 00:44:24
Last revised: 2018-01-02 21:29:06

[Original] Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.


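[CNNVD] Mozilla Firefox information disclosure vulnerability (CNNVD-201402-048)

        Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States.
        An information disclosure vulnerability exists in Mozilla Firefox 26.0 and earlier on Android 4.2 and earlier. The vulnerability arises because the system log contains the software's profile paths. An attacker can exploit it via a crafted application to obtain sensitive information.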

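- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)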

cpe:/a:mozilla:firefox:0.1 Mozilla Firefox 0.1
cpe:/a:mozilla:firefox:0.2 Mozilla Firefox 0.2
cpe:/a:mozilla:firefox:0.3 Mozilla Firefox 0.3
cpe:/a:mozilla:firefox:0.4 Mozilla Firefox 0.4
cpe:/a:mozilla:firefox:0.5 Mozilla Firefox 0.5
cpe:/a:mozilla:firefox:0.6 Mozilla Firefox 0.6
cpe:/a:mozilla:firefox:0.6.1 Mozilla Firefox 0.6.1
cpe:/a:mozilla:firefox:0.7 Mozilla Firefox 0.7
cpe:/a:mozilla:firefox:0.7.1 Mozilla Firefox 0.7.1
cpe:/a:mozilla:firefox:0.8 Mozilla Firefox 0.8
cpe:/a:mozilla:firefox:0.9 Mozilla Firefox 0.9
cpe:/a:mozilla:firefox:0.9:rc Mozilla Firefox 0.9 rc
cpe:/a:mozilla:firefox:0.9.1 Mozilla Firefox 0.9.1
cpe:/a:mozilla:firefox:0.9.2 Mozilla Firefox 0.9.2
cpe:/a:mozilla:firefox:0.9.3 Mozilla Firefox 0.9.3
cpe:/a:mozilla:firefox:0.10 Mozilla Firefox 0.10
cpe:/a:mozilla:firefox:0.10.1 Mozilla Firefox 0.10.1
cpe:/a:mozilla:firefox:1.0 Mozilla Firefox 1.0
cpe:/a:mozilla:firefox:1.0:preview_release Mozilla Firefox 1.0 Preview Release
cpe:/a:mozilla:firefox:1.0.1 Mozilla Firefox 1.0.1
cpe:/a:mozilla:firefox:1.0.2 Mozilla Firefox 1.0.2
cpe:/a:mozilla:firefox:1.0.3 Mozilla Firefox 1.0.3
cpe:/a:mozilla:firefox:1.0.4 Mozilla Firefox 1.0.4
cpe:/a:mozilla:firefox:1.0.5 Mozilla Firefox 1.0.5
cpe:/a:mozilla:firefox:1.0.6 Mozilla Firefox 1.0.6
cpe:/a:mozilla:firefox:1.0.7 Mozilla Firefox 1.0.7
cpe:/a:mozilla:firefox:1.0.8 Mozilla Firefox 1.0.8
cpe:/a:mozilla:firefox:1.5 Mozilla Firefox 1.5
cpe:/a:mozilla:firefox:1.5:beta1 Mozilla Firefox 1.5 Beta 1
cpe:/a:mozilla:firefox:1.5:beta2 Mozilla Firefox 1.5 Beta 2
cpe:/a:mozilla:firefox:1.5.0.1 Mozilla Firefox 1.5.0.1
cpe:/a:mozilla:firefox:1.5.0.2 Mozilla Firefox 1.5.0.2
cpe:/a:mozilla:firefox:1.5.0.3 Mozilla Firefox 1.5.0.3
cpe:/a:mozilla:firefox:1.5.0.4 Mozilla Firefox 1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.5 Mozilla Firefox 1.5.0.5
cpe:/a:mozilla:firefox:1.5.0.6 Mozilla Firefox 1.5.0.6
cpe:/a:mozilla:firefox:1.5.0.7 Mozilla Firefox 1.5.0.7
cpe:/a:mozilla:firefox:1.5.0.8 Mozilla Firefox 1.5.0.8
cpe:/a:mozilla:firefox:1.5.0.9 Mozilla Firefox 1.5.0.9
cpe:/a:mozilla:firefox:1.5.0.10 Mozilla Firefox 1.5.0.10
cpe:/a:mozilla:firefox:1.5.0.11 Mozilla Firefox 1.5.0.11
cpe:/a:mozilla:firefox:1.5.0.12 Mozilla Firefox 1.5.0.12
cpe:/a:mozilla:firefox:1.5.1 Mozilla Firefox 1.5.1
cpe:/a:mozilla:firefox:1.5.2 Mozilla Firefox 1.5.2
cpe:/a:mozilla:firefox:1.5.3 Mozilla Firefox 1.5.3
cpe:/a:mozilla:firefox:1.5.4 Mozilla Firefox 1.5.4
cpe:/a:mozilla:firefox:1.5.5 Mozilla Firefox 1.5.5
cpe:/a:mozilla:firefox:1.5.6 Mozilla Firefox 1.5.6
cpe:/a:mozilla:firefox:1.5.7 Mozilla Firefox 1.5.7
cpe:/a:mozilla:firefox:1.5.8 Mozilla Firefox 1.5.8
cpe:/a:mozilla:firefox:2.0 Mozilla Firefox 2.0
cpe:/a:mozilla:firefox:2.0.0.1 Mozilla Firefox 2.0.0.1
cpe:/a:mozilla:firefox:2.0.0.2 Mozilla Firefox 2.0.0.2
cpe:/a:mozilla:firefox:2.0.0.3 Mozilla Firefox 2.0.0.3
cpe:/a:mozilla:firefox:2.0.0.4 Mozilla Firefox 2.0.0.4
cpe:/a:mozilla:firefox:2.0.0.5 Mozilla Firefox 2.0.0.5
cpe:/a:mozilla:firefox:2.0.0.6 Mozilla Firefox 2.0.0.6
cpe:/a:mozilla:firefox:2.0.0.7 Mozilla Firefox 2.0.0.7
cpe:/a:mozilla:firefox:2.0.0.8 Mozilla Firefox 2.0.0.8
cpe:/a:mozilla:firefox:2.0.0.9 Mozilla Firefox 2.0.0.9
cpe:/a:mozilla:firefox:2.0.0.10 Mozilla Firefox 2.0.0.10
cpe:/a:mozilla:firefox:2.0.0.11 Mozilla Firefox 2.0.0.11
cpe:/a:mozilla:firefox:2.0.0.12 Mozilla Firefox 2.0.0.12
cpe:/a:mozilla:firefox:2.0.0.13 Mozilla Firefox 2.0.0.13
cpe:/a:mozilla:firefox:2.0.0.14 Mozilla Firefox 2.0.0.14
cpe:/a:mozilla:firefox:2.0.0.15 Mozilla Firefox 2.0.0.15
cpe:/a:mozilla:firefox:2.0.0.16 Mozilla Firefox 2.0.0.16
cpe:/a:mozilla:firefox:2.0.0.17 Mozilla Firefox 2.0.0.17
cpe:/a:mozilla:firefox:2.0.0.18 Mozilla Firefox 2.0.0.18
cpe:/a:mozilla:firefox:2.0.0.19 Mozilla Firefox 2.0.0.19
cpe:/a:mozilla:firefox:2.0.0.20 Mozilla Firefox 2.0.0.20
cpe:/a:mozilla:firefox:3.0 Mozilla Firefox 3.0
cpe:/a:mozilla:firefox:3.0.1 Mozilla Firefox 3.0.1
cpe:/a:mozilla:firefox:3.0.2 Mozilla Firefox 3.0.2
cpe:/a:mozilla:firefox:3.0.3 Mozilla Firefox 3.0.3
cpe:/a:mozilla:firefox:3.0.4 Mozilla Firefox 3.0.4
cpe:/a:mozilla:firefox:3.0.5 Mozilla Firefox 3.0.5
cpe:/a:mozilla:firefox:3.0.6 Mozilla Firefox 3.0.6
cpe:/a:mozilla:firefox:3.0.7 Mozilla Firefox 3.0.7
cpe:/a:mozilla:firefox:3.0.8 Mozilla Firefox 3.0.8
cpe:/a:mozilla:firefox:3.0.9 Mozilla Firefox 3.0.9
cpe:/a:mozilla:firefox:3.0.10 Mozilla Firefox 3.0.10
cpe:/a:mozilla:firefox:3.0.11 Mozilla Firefox 3.0.11
cpe:/a:mozilla:firefox:3.0.12 Mozilla Firefox 3.0.12
cpe:/a:mozilla:firefox:3.0.13 Mozilla Firefox 3.0.13
cpe:/a:mozilla:firefox:3.0.14 Mozilla Firefox 3.0.14
cpe:/a:mozilla:firefox:3.0.15 Mozilla Firefox 3.0.15
cpe:/a:mozilla:firefox:3.0.16 Mozilla Firefox 3.0.16
cpe:/a:mozilla:firefox:3.0.17 Mozilla Firefox 3.0.17
cpe:/a:mozilla:firefox:3.0.18
cpe:/a:mozilla:firefox:3.0.19
cpe:/a:mozilla:firefox:3.5 Mozilla Firefox 3.5
cpe:/a:mozilla:firefox:3.5.1 Mozilla Firefox 3.5.1
cpe:/a:mozilla:firefox:3.5.2 Mozilla Firefox 3.5.2
cpe:/a:mozilla:firefox:3.5.3 Mozilla Firefox 3.5.3
cpe:/a:mozilla:firefox:3.5.4 Mozilla Firefox 3.5.4
cpe:/a:mozilla:firefox:3.5.5 Mozilla Firefox 3.5.5
cpe:/a:mozilla:firefox:3.5.6 Mozilla Firefox 3.5.6
cpe:/a:mozilla:firefox:3.5.7 Mozilla Firefox 3.5.7
cpe:/a:mozilla:firefox:3.5.8 Mozilla Firefox 3.5.8
cpe:/a:mozilla:firefox:3.5.9 Mozilla Firefox 3.5.9
cpe:/a:mozilla:firefox:3.5.10 Mozilla Firefox 3.5.10
cpe:/a:mozilla:firefox:3.5.11 Mozilla Firefox 3.5.11
cpe:/a:mozilla:firefox:3.5.12 Mozilla Firefox 3.5.12
cpe:/a:mozilla:firefox:3.5.13 Mozilla Firefox 3.5.13
cpe:/a:mozilla:firefox:3.5.14 Mozilla Firefox 3.5.14
cpe:/a:mozilla:firefox:3.5.15 Mozilla Firefox 3.5.15
cpe:/a:mozilla:firefox:3.5.16
cpe:/a:mozilla:firefox:3.5.17
cpe:/a:mozilla:firefox:3.5.18
cpe:/a:mozilla:firefox:3.5.19
cpe:/a:mozilla:firefox:3.6 Mozilla Firefox 3.6
cpe:/a:mozilla:firefox:3.6.2 Mozilla Firefox 3.6.2
cpe:/a:mozilla:firefox:3.6.3 Mozilla Firefox 3.6.3
cpe:/a:mozilla:firefox:3.6.4 Mozilla Firefox 3.6.4
cpe:/a:mozilla:firefox:3.6.6 Mozilla Firefox 3.6.6
cpe:/a:mozilla:firefox:3.6.7 Mozilla Firefox 3.6.7
cpe:/a:mozilla:firefox:3.6.8 Mozilla Firefox 3.6.8
cpe:/a:mozilla:firefox:3.6.9 Mozilla Firefox 3.6.9
cpe:/a:mozilla:firefox:3.6.10 Mozilla Firefox 3.6.10
cpe:/a:mozilla:firefox:3.6.11 Mozilla Firefox 3.6.11
cpe:/a:mozilla:firefox:3.6.12 Mozilla Firefox 3.6.12
cpe:/a:mozilla:firefox:3.6.13 Mozilla Firefox 3.6.13
cpe:/a:mozilla:firefox:3.6.14 Mozilla Firefox 3.6.14
cpe:/a:mozilla:firefox:3.6.15 Mozilla Firefox 3.6.15
cpe:/a:mozilla:firefox:3.6.16 Mozilla Firefox 3.6.16
cpe:/a:mozilla:firefox:3.6.17 Mozilla Firefox 3.6.17
cpe:/a:mozilla:firefox:3.6.18 Mozilla Firefox 3.6.18
cpe:/a:mozilla:firefox:3.6.19 Mozilla Firefox 3.6.19
cpe:/a:mozilla:firefox:3.6.20 Mozilla Firefox 3.6.20
cpe:/a:mozilla:firefox:3.6.21 Mozilla Firefox 3.6.21
cpe:/a:mozilla:firefox:3.6.22 Mozilla Firefox 3.6.22
cpe:/a:mozilla:firefox:3.6.23 Mozilla Firefox 3.6.23
cpe:/a:mozilla:firefox:3.6.24 Mozilla Firefox 3.6.24
cpe:/a:mozilla:firefox:3.6.25 Mozilla Firefox 3.6.25
cpe:/a:mozilla:firefox:3.6.26
cpe:/a:mozilla:firefox:3.6.27
cpe:/a:mozilla:firefox:3.6.28
cpe:/a:mozilla:firefox:4.0 Mozilla Firefox 4.0
cpe:/a:mozilla:firefox:4.0:beta1 Mozilla Firefox 4.0 beta1
cpe:/a:mozilla:firefox:4.0:beta10 Mozilla Firefox 4.0 beta10
cpe:/a:mozilla:firefox:4.0:beta11 Mozilla Firefox 4.0 beta11
cpe:/a:mozilla:firefox:4.0:beta12 Mozilla Firefox 4.0 beta12
cpe:/a:mozilla:firefox:4.0:beta2 Mozilla Firefox 4.0 beta2
cpe:/a:mozilla:firefox:4.0:beta3 Mozilla Firefox 4.0 beta3
cpe:/a:mozilla:firefox:4.0:beta4 Mozilla Firefox 4.0 beta4
cpe:/a:mozilla:firefox:4.0:beta5 Mozilla Firefox 4.0 beta5
cpe:/a:mozilla:firefox:4.0:beta6 Mozilla Firefox 4.0 beta6
cpe:/a:mozilla:firefox:4.0:beta7 Mozilla Firefox 4.0 beta7
cpe:/a:mozilla:firefox:4.0:beta8 Mozilla Firefox 4.0 beta8
cpe:/a:mozilla:firefox:4.0:beta9 Mozilla Firefox 4.0 beta9
cpe:/a:mozilla:firefox:4.0.1 Mozilla Firefox 4.0.1
cpe:/a:mozilla:firefox:5.0 Mozilla Firefox 5.0
cpe:/a:mozilla:firefox:5.0.1 Mozilla Firefox 5.0.1
cpe:/a:mozilla:firefox:6.0 Mozilla Firefox 6.0
cpe:/a:mozilla:firefox:6.0.1 Mozilla Firefox 6.0.1
cpe:/a:mozilla:firefox:6.0.2 Mozilla Firefox 6.0.2
cpe:/a:mozilla:firefox:7.0 Mozilla Firefox 7.0
cpe:/a:mozilla:firefox:7.0.1 Mozilla Firefox 7.0.1
cpe:/a:mozilla:firefox:8.0 Mozilla Firefox 8.0
cpe:/a:mozilla:firefox:8.0.1 Mozilla Firefox 8.0.1
cpe:/a:mozilla:firefox:9.0 Mozilla Firefox 9.0
cpe:/a:mozilla:firefox:9.0.1 Mozilla Firefox 9.0.1
cpe:/a:mozilla:firefox:10.0 Mozilla Firefox 10.0
cpe:/a:mozilla:firefox:10.0.1 Mozilla Firefox 10.0.1
cpe:/a:mozilla:firefox:10.0.2 Mozilla Firefox 10.0.2
cpe:/a:mozilla:firefox:10.0.3
cpe:/a:mozilla:firefox:10.0.4
cpe:/a:mozilla:firefox:10.0.5
cpe:/a:mozilla:firefox:10.0.6
cpe:/a:mozilla:firefox:10.0.7
cpe:/a:mozilla:firefox:10.0.8
cpe:/a:mozilla:firefox:10.0.9
cpe:/a:mozilla:firefox:10.0.10
cpe:/a:mozilla:firefox:10.0.11
cpe:/a:mozilla:firefox:10.0.12
cpe:/a:mozilla:firefox:11.0 Mozilla Firefox 11.0
cpe:/a:mozilla:firefox:12.0 Mozilla Firefox 12.0
cpe:/a:mozilla:firefox:12.0:beta6 Mozilla Firefox 12.0 beta6
cpe:/a:mozilla:firefox:13.0 Mozilla Firefox 13.0
cpe:/a:mozilla:firefox:13.0.1 Mozilla Firefox 13.0.1
cpe:/a:mozilla:firefox:14.0 Mozilla Firefox 14.0
cpe:/a:mozilla:firefox:14.0.1 Mozilla Firefox 14.0.1
cpe:/a:mozilla:firefox:15.0 Mozilla Firefox 15.0
cpe:/a:mozilla:firefox:15.0.1 Mozilla Firefox 15.0.1
cpe:/a:mozilla:firefox:16.0 Mozilla Firefox 16.0
cpe:/a:mozilla:firefox:16.0.1 Mozilla Firefox 16.0.1
cpe:/a:mozilla:firefox:16.0.2 Mozilla Firefox 16.0.2
cpe:/a:mozilla:firefox:17.0.2
cpe:/a:mozilla:firefox:17.0.3
cpe:/a:mozilla:firefox:17.0.4
cpe:/a:mozilla:firefox:17.0.5
cpe:/a:mozilla:firefox:17.0.6
cpe:/a:mozilla:firefox:17.0.7
cpe:/a:mozilla:firefox:17.0.8
cpe:/a:mozilla:firefox:17.0.9
cpe:/a:mozilla:firefox:17.0.10
cpe:/a:mozilla:firefox:17.0.11
cpe:/a:mozilla:firefox:18.0 Mozilla Firefox 18.0
cpe:/a:mozilla:firefox:18.0.1 Mozilla Firefox 18.0.1
cpe:/a:mozilla:firefox:18.0.2 Mozilla Firefox 18.0.2
cpe:/a:mozilla:firefox:19.0 Mozilla Firefox 19.0
cpe:/a:mozilla:firefox:19.0.1 Mozilla Firefox 19.0.1
cpe:/a:mozilla:firefox:19.0.2 Mozilla Firefox 19.0.2
cpe:/a:mozilla:firefox:20.0
cpe:/a:mozilla:firefox:20.0.1
cpe:/a:mozilla:firefox:21.0
cpe:/a:mozilla:firefox:23.0
cpe:/a:mozilla:firefox:23.0.1
cpe:/a:mozilla:firefox:24.0
cpe:/a:mozilla:firefox:24.1
cpe:/a:mozilla:firefox:24.1.1
cpe:/a:mozilla:firefox:25.0
cpe:/a:mozilla:firefox:25.0.1
cpe:/a:mozilla:firefox:26.0
cpe:/o:opensuse_project:opensuse:12.3
cpe:/o:opensuse_project:opensuse:13.1
cpe:/o:oracle:solaris:11.3
cpe:/o:suse:linux_enterprise_desktop:11:sp3
cpe:/o:suse:linux_enterprise_server:11:sp3
cpe:/o:suse:linux_enterprise_server:11:sp3:~~~vmware~~
cpe:/o:suse:linux_enterprise_software_development_kit:11:sp3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:25463 SUSE-SU-2014:0248-2 -- Security update for Mozilla Firefox
oval:org.mitre.oval:def:24736 SUSE-SU-2014:0248-1 -- Security update for MozillaFirefox
*OVAL describes in detail how to detect this vulnerability; more technical detection details can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1484
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1484
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201402-048
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html
(VENDOR_ADVISORY)  BUGTRAQ  20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
(VENDOR_ADVISORY)  SUSE  openSUSE-SU-2014:0212
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
(VENDOR_ADVISORY)  SUSE  SUSE-SU-2014:0248
http://osvdb.org/102870
(UNKNOWN)  OSVDB  102870
http://www.mozilla.org/security/announce/2014/mfsa2014-06.html
(VENDOR_ADVISORY)  CONFIRM  http://www.mozilla.org/security/announce/2014/mfsa2014-06.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
(VENDOR_ADVISORY)  CONFIRM  http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65323
(UNKNOWN)  BID  65323
http://www.securitytracker.com/id/1029719
(UNKNOWN)  SECTRACK  1029719
https://bugzilla.mozilla.org/show_bug.cgi?id=953993
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=953993
https://exchange.xforce.ibmcloud.com/vulnerabilities/90892
(UNKNOWN)  XF  firefox-android-cve20141484-info-disc(90892)

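- Vulnerability information

Mozilla Firefox information disclosure vulnerability
Medium severity, information disclosure
2014-02-12 00:00:00 2014-02-12 00:00:00
Remote
        Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States.
        An information disclosure vulnerability exists in Mozilla Firefox 26.0 and earlier on Android 4.2 and earlier. The vulnerability arises because the system log contains the software's profile paths. An attacker can exploit it via a crafted application to obtain sensitive information.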

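- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.mozilla.org/security/announce/2014/mfsa2014-06.html

- Vulnerability information (F125904)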

Firefox For Android Information Leak (PacketStormID:F125904)
2014-03-26 00:00:00
Roee Hay  
advisory,vulnerability
CVE-2014-1484,CVE-2014-1506,CVE-2014-1515,CVE-2014-1516

A series of vulnerabilities have been discovered in Firefox for Android that allow a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) which reside in that directory, breaking Android's sandbox.

Hi,

We have recently discovered a series of vulnerabilities in Firefox for Android
that allow a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in that directory, breaking Android's
sandbox:

1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.

The full analysis with exploitation techniques can be found in our whitepaper.

Important links:

1. Blog post: http://bit.ly/1drYsZp
2. Whitepaper: http://slidesha.re/1gqiyD3


-Roee
    

- Vulnerability information

102870
Mozilla Firefox for Android Profile Path Disclosure
Context Dependent, Mobile Phone / Hand-held Device Other
Loss of Confidentiality Upgrade
Exploit Unknown Vendor Verified, Coordinated Disclosure

- Vulnerability description

Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the system log, which discloses the software's profile path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

- Timeline

2014-02-04 Unknown
Unknown 2014-02-04

- Solution

It has been reported that this issue has been fixed. Upgrade Firefox to version 27, or higher, to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Mozilla Firefox for Android Profile Paths Leak Information Disclosure Vulnerability
Design Error 65323
Yes No
2014-02-04 12:00:00 2014-02-04 12:00:00
Roee Hay

- Affected program versions

Mozilla Firefox 9.0.1
Mozilla Firefox 3.6.28
Mozilla Firefox 3.6.22
Mozilla Firefox 3.6.13
Mozilla Firefox 3.6.10
Mozilla Firefox 3.6.9
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.6
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.2
Mozilla Firefox 3.5.17
Mozilla Firefox 3.5.16
Mozilla Firefox 3.5.14
Mozilla Firefox 3.5.13
Mozilla Firefox 3.5.10
Mozilla Firefox 3.5.9
Mozilla Firefox 3.5.8
Mozilla Firefox 3.5.7
Mozilla Firefox 3.5.6
Mozilla Firefox 3.5.5
Mozilla Firefox 3.5.4
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5.2
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5
Mozilla Firefox 3.0.18
Mozilla Firefox 3.0.17
Mozilla Firefox 3.0.16
Mozilla Firefox 3.0.15
Mozilla Firefox 3.0.14
Mozilla Firefox 3.0.13
Mozilla Firefox 3.0.12
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0.7 Beta
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.0.1
Mozilla Firefox 2.0 20
Mozilla Firefox 2.0 .9
Mozilla Firefox 2.0 .8
Mozilla Firefox 2.0 .7
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .5
Mozilla Firefox 2.0 .4
Mozilla Firefox 2.0 .3
Mozilla Firefox 2.0 .19
Mozilla Firefox 2.0 .17
Mozilla Firefox 2.0 .16
Mozilla Firefox 2.0 .10
Mozilla Firefox 2.0 .1
Mozilla Firefox 1.5.8
Mozilla Firefox 1.5.7
Mozilla Firefox 1.5.6
Mozilla Firefox 1.5.5
Mozilla Firefox 1.5.4
Mozilla Firefox 1.5.2
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5 12
Mozilla Firefox 1.5 .8
Mozilla Firefox 1.5
Mozilla Firefox 1.0.8
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.2
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 4
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox 0.6.1
Mozilla Firefox 0.0.13
Mozilla Firefox 9.0
Mozilla Firefox 8.0.1
Mozilla Firefox 8.0
Mozilla Firefox 7.0.1
Mozilla Firefox 7.0
Mozilla Firefox 7
Mozilla Firefox 6.0.2
Mozilla Firefox 6.0.1
Mozilla Firefox 6.0
Mozilla Firefox 6
Mozilla Firefox 5.0.1
Mozilla Firefox 5.0
Mozilla Firefox 4.0.1
Mozilla Firefox 4.0 Beta9
Mozilla Firefox 4.0 Beta8
Mozilla Firefox 4.0 Beta7
Mozilla Firefox 4.0 Beta6
Mozilla Firefox 4.0 Beta5
Mozilla Firefox 4.0 Beta4
Mozilla Firefox 4.0 Beta3
Mozilla Firefox 4.0 Beta12
Mozilla Firefox 4.0 Beta11
Mozilla Firefox 4.0 Beta10
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 4.0
Mozilla Firefox 3.6.7
Mozilla Firefox 3.6.27
Mozilla Firefox 3.6.26
Mozilla Firefox 3.6.25
Mozilla Firefox 3.6.24
Mozilla Firefox 3.6.23
Mozilla Firefox 3.6.21
Mozilla Firefox 3.6.20
Mozilla Firefox 3.6.19
Mozilla Firefox 3.6.18
Mozilla Firefox 3.6.17
Mozilla Firefox 3.6.16
Mozilla Firefox 3.6.15
Mozilla Firefox 3.6.14
Mozilla Firefox 3.6.12
Mozilla Firefox 3.6.11
Mozilla Firefox 3.6 Beta 3
Mozilla Firefox 3.6 Beta 2
Mozilla Firefox 3.6
Mozilla Firefox 3.5.19
Mozilla Firefox 3.5.18
Mozilla Firefox 3.5.15
Mozilla Firefox 3.5.12
Mozilla Firefox 3.5.11
Mozilla Firefox 3.1 Beta 3
Mozilla Firefox 3.1 Beta 2
Mozilla Firefox 3.1 Beta 1
Mozilla Firefox 3.0.19
Mozilla Firefox 3.0 Beta 5
Mozilla Firefox 3.0
Mozilla Firefox 2.0.0.2
Mozilla Firefox 2.0.0.19
Mozilla Firefox 2.0.0.18
Mozilla Firefox 2.0.0.15
Mozilla Firefox 2.0.0.14
Mozilla Firefox 2.0.0.13
Mozilla Firefox 2.0.0.12
Mozilla Firefox 2.0.0.11
Mozilla Firefox 2.0 RC3
Mozilla Firefox 2.0 RC2
Mozilla Firefox 2.0 beta 1
Mozilla Firefox 2.0
Mozilla Firefox 13.0
Mozilla Firefox 12.0
Mozilla Firefox 11.0
Mozilla Firefox 10.0.2
Mozilla Firefox 10.0.1
Mozilla Firefox 10.0
Mozilla Firefox 10
Mozilla Firefox 1.8
Mozilla Firefox 1.5.3
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.4.1
Mozilla Firefox 0.7
Mozilla Firefox 0.6
Mozilla Firefox 0.5
Mozilla Firefox 0.4
Mozilla Firefox 0.3
Mozilla Firefox 0.2
Mozilla Firefox 0.1

- Vulnerability discussion

Mozilla Firefox for Android is prone to an information-disclosure vulnerability.

Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks.

This issue is fixed in Firefox 27.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related references
