Skip to main content

Firefox Os CVE-2015-2744

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-08-08 security@mozilla.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 08, 2015 - 00:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. Affected products include: Mozilla Firefox Os. Version information: before 2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-4487 HIGH
7.5 Aug 16

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS befo

CVE-2015-4489 HIGH
7.5 Aug 16

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might al

CVE-2015-4488 HIGH
7.5 Aug 16

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38

CVE-2015-8511 MEDIUM
6.4 Jan 09

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypas

CVE-2015-8510 MEDIUM
6.1 Jan 09

Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Fi

CVE-2015-5962 MEDIUM
5.0 Aug 08

Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management i

CVE-2015-8512 MEDIUM
4.6 Jan 09

The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which

CVE-2015-2745 MEDIUM
4.3 Aug 08

Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow rem

CVE-2015-4494 MEDIUM
4.3 Aug 08

Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allow

CVE-2015-5961 LOW
3.3 Aug 08

The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web s

CVE-2015-5960 LOW
1.9 Aug 08

Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and acc

Share

CVE-2015-2744 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy