Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla FirefoxOS DeviceStorage API 目录遍历漏洞
Vulnerability Description
Mozilla FirefoxOS是美国Mozilla基金会的一套基于Linux内核并应用于智能手机和平板电脑中的移动操作系统。 Mozilla FirefoxOS 1.2及之前版本中的DeviceStorage API中存在目录遍历漏洞,该漏洞源于dom/devicestorage/nsDeviceStorage.cpp文件中的‘DeviceStorageFile::NormalizeFilePath()’函数没有正确过滤用户提交的输入。远程攻击者可利用该漏洞绕过媒体沙盒保护机制,读取或修改任意文件。
CVSS Information
N/A
Vulnerability Type
N/A