CVE-2015-5961
low
CVSS v3
—
CVSS v2
3.3
VIR risk
3.3
Description
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=1123433
References
- http://www.mozilla.org/security/announce/2015/mfsa2015-75.html
- http://www.securityfocus.com/bid/76255
- https://bugzilla.mozilla.org/show_bug.cgi?id=1123433
- http://www.mozilla.org/security/announce/2015/mfsa2015-75.html
- http://www.securityfocus.com/bid/76255
- https://bugzilla.mozilla.org/show_bug.cgi?id=1123433
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.