Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2015-05-14T10:00:00
Updated: 2024-08-06T05:24:38.649Z
Reserved: 2015-03-25T00:00:00
Link: CVE-2015-2714
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-05-14T10:59:07.133
Modified: 2017-01-03T02:59:54.333
Link: CVE-2015-2714
Redhat
No data.