Home

CVE-2015-7195

Description

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Risk Information

Base Score
4.3
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.567

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (42.0)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (42.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0.1)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 41.0.2Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-302187Update for Mozilla Firefox (42.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234