Vulnerability CVE-2015-8511


Published: 2016-01-08   Modified: 2016-01-09

Description:
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

Vendor: Mozilla
Product: Firefox os 
Version: 2.2;

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1173284
http://www.mozilla.org/security/announce/2015/mfsa2015-152.html

Related CVE
CVE-2018-10229
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
CVE-2018-7753
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not...
CVE-2017-11698
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11697
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
CVE-2017-11696
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2007-5341
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Copyright 2018, cxsecurity.com

 

Back to Top