Information disclosure in Google Android

CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

Vulnerability class: Information Disclosure

EPSS: 0.006 (70.8th percentile) — read the EPSS interpretation.

Affected products

Google Android — versions 4.2
Mozilla Firefox — versions 0.1, 0.2, 0.3
Opensuse_project Opensuse — versions 12.3
Oracle Solaris — versions 11.3
Opensuse — versions 13.1
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_server — versions 11
Suse Linux_enterprise_software_development_kit — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

openSUSE-SU-2014:0212 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
102870 (x_refsource_OSVDB, vdb-entry)
20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory)
65323 (vdb-entry, x_refsource_BID)
1029719 (vdb-entry, x_refsource_SECTRACK)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
firefox-android-cve20141484-info-disc(90892) (vdb-entry, x_refsource_XF)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
SUSE-SU-2014:0248 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)