CVE-2015-2742 : Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows re

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.

Published 2015-07-06 02:01:10

Updated 2021-09-22 14:22:12

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2015-2742

Probability of exploitation activity in the next 30 days: 0.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-2742

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-2742

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2742

http://www.securitytracker.com/id/1032783

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
https://security.gentoo.org/glsa/201512-10

Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/75541

Mozilla Firefox/Thunderbird Multiple Security Vulnerabilities

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016
Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1138669

1138669 - (CVE-2015-2742) Some mac crash reports include private information
Issue Tracking;Vendor Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-68.html

OS X crash reports may contain entered key press information — Mozilla
Vendor Advisory

Products affected by CVE-2015-2742

Oracle » Solaris » Version: 11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions up to, including, (<=) 38.1.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos

Vulnerability Details : CVE-2015-2742

Exploit prediction scoring system (EPSS) score for CVE-2015-2742

CVSS scores for CVE-2015-2742

CWE ids for CVE-2015-2742

References for CVE-2015-2742

Products affected by CVE-2015-2742