CVE-2014-1506

2014-03-19 11:55:06 2016-11-15 19:05:03

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Oracle Solaris 11.3 (not an official CPE)

Mozilla Firefox 10.0.12 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 10.0.10 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.3 Mozilla Firefox 20.0 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.12 Mozilla Firefox 7.0 Mozilla Firefox 19.0.1 Mozilla Firefox 19.0.2 Mozilla Firefox 0.7.1 Mozilla Firefox 20.0.1 Mozilla Firefox 21.0 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6.12 Mozilla Firefox 25.0.1 Mozilla Firefox 0.6 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.19 Mozilla Firefox 18.0 Mozilla Firefox 3.6.16 Mozilla Firefox 0.7 Mozilla Firefox 8.0 Mozilla Firefox 0.8 Mozilla Firefox 0.9 Mozilla Firefox 10.0 Mozilla Firefox 0.3 Mozilla Firefox 0.4 Mozilla Firefox 0.5 Mozilla Firefox 0.1 Mozilla Firefox 0.2 Mozilla Firefox 4.0 beta9 Mozilla Firefox 3.6.24 Mozilla Firefox 4.0 beta8 Mozilla Firefox 3.6.25 Mozilla Firefox 4.0 beta7 Mozilla Firefox 3.6.26 Mozilla Firefox 4.0 beta6 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.21 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.28 Mozilla Firefox 10.0.5 Mozilla Firefox 3.6.27 Mozilla Firefox 4.0 beta1 Mozilla Firefox 4.0 beta5 Mozilla Firefox 4.0 beta4 Mozilla Firefox 4.0 beta3 Mozilla Firefox 4.0 beta2 Mozilla Firefox 4.0.1 Mozilla Firefox 0.9.3 Mozilla Firefox 1.5 Mozilla Firefox 0.9 rc Mozilla Firefox 19.0 Mozilla Firefox 17.0.10 Mozilla Firefox 4.0 beta11 Mozilla Firefox 17.0.11 Mozilla Firefox 4.0 beta12 Mozilla Firefox 5.0.1 Mozilla Firefox 9.0 Mozilla Firefox 18.0.1 Mozilla Firefox 0.9.1 Mozilla Firefox 11.0 Mozilla Firefox 0.9.2 Mozilla Firefox 1.0 Mozilla Firefox 18.0.2 Mozilla Firefox 1.5.2 Mozilla Firefox 1.5.1 Mozilla Firefox 1.5.5 Mozilla Firefox 1.5.4 Mozilla Firefox 1.5.3 Mozilla Firefox 4.0 beta10 Mozilla Firefox 1.5.8 Mozilla Firefox 1.5.7 Mozilla Firefox 23.0 Mozilla Firefox 1.5.6 Mozilla Firefox 24.1.1 Mozilla Firefox 2.0.0.19 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.16 Mozilla Firefox 2.0.0.17 Mozilla Firefox 2.0.0.18 Mozilla Firefox 17.0.8 Mozilla Firefox 2.0.0.12 Mozilla Firefox 17.0.7 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.14 Mozilla Firefox 17.0.9 Mozilla Firefox 2.0.0.15 Mozilla Firefox 9.0.1 Mozilla Firefox 17.0.6 Mozilla Firefox 12.0 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0 Mozilla Firefox 3.5.11 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.12 Mozilla Firefox 3.0.9 Mozilla Firefox 3.5.19 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.16 Mozilla Firefox 13.0.1 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.5 Mozilla Firefox 3.5.15 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.8 Mozilla Firefox 24.0 Mozilla Firefox 24.1 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 10.0.7 Mozilla Firefox 3.0.10 Mozilla Firefox 10.0.6 Mozilla Firefox 10.0.9 Mozilla Firefox 10.0.8 Mozilla Firefox 3.5 Mozilla Firefox 3.6 Mozilla Firefox 3.0.19 Mozilla Firefox 3.0 Mozilla Firefox 3.0.18 Mozilla Firefox 10.0.1 Mozilla Firefox 13.0 Mozilla Firefox 10.0.3 Mozilla Firefox 10.0.4 Mozilla Firefox 10.0.2 Mozilla Firefox 1.5.0.1 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.3 Mozilla Firefox 14.0.1 Mozilla Firefox 1.0 Preview Release Mozilla Firefox 6.0.1 Mozilla Firefox 6.0.2 Mozilla Firefox 1.5.0.4 Mozilla Firefox 16.0.2 Mozilla Firefox 16.0.1 Mozilla Firefox 1.5.0.9 Mozilla Firefox 2.0.0.20 Mozilla Firefox 1.5.0.5 Mozilla Firefox 25.0 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.8 Mozilla Firefox 8.0.1 Mozilla Firefox 4.0 Mozilla Firefox 14.0 Mozilla Firefox 0.6.1 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.2 Mozilla Firefox 26.0 Mozilla Firefox 2.0.0.5 Mozilla Firefox 2.0.0.6 Mozilla Firefox 2.0.0.7 Mozilla Firefox 12.0 beta6 Mozilla Firefox 2.0.0.1 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.4 Mozilla Firefox 2.0.0.8 Mozilla Firefox 5.0 Mozilla Firefox 27.0.1 Mozilla Firefox 2.0.0.9 Mozilla Firefox 15.0 Mozilla Firefox 3.5.4 Mozilla Firefox 17.0.4 Mozilla Firefox 3.5.5 Mozilla Firefox 17.0.3 Mozilla Firefox 3.5.6 Mozilla Firefox 1.5 Beta 2 Mozilla Firefox 3.5.7 Mozilla Firefox 1.5 Beta 1 Mozilla Firefox 17.0.5 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.9 Mozilla Firefox 17.0.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.3 Mozilla Firefox 7.0.1 Mozilla Firefox 27.0 Mozilla Firefox 1.0.7 Mozilla Firefox 10.0.11 Mozilla Firefox 0.10.1 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0.2 Mozilla Firefox 23.0.1 Mozilla Firefox 16.0 Mozilla Firefox 6.0 Mozilla Firefox 15.0.1 Mozilla Firefox 0.10

Mozilla - Firefox Oracle - Solaris

Advisory	Patch	Confirmed	Link
			http://www.mozilla.org/security/announce/2014/mfsa2014-2...
			http://www.oracle.com/technetwork/topics/security/bullet...
			https://bugzilla.mozilla.org/show_bug.cgi?id=944374
			66420
			20140326 Firefox for Android Profile Directory Derandomi...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)