Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 信息泄露漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 基于Android 4.4及之前版本平台的Mozilla Firefox 42.0.2及之前版本的Search功能中存在安全漏洞,该漏洞源于程序支持search-engine URL注册,并且当使用崩溃报告程序时程序会以系统权限执行URL。攻击者可借助特制的应用程序利用该漏洞读取日志文件,并访问HTML文档的file: URL。
CVSS Information
N/A
Vulnerability Type
N/A