CVE-2015-2745: XSS
First published: Sat Aug 08 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox OS | <=2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2745?
CVE-2015-2745 is classified as a medium severity vulnerability due to its potential for exploiting cross-site scripting (XSS).
How do I fix CVE-2015-2745?
To address CVE-2015-2745, update Mozilla Firefox OS to version 2.2 or later, which includes the necessary security patches.
What types of attacks can be performed using CVE-2015-2745?
CVE-2015-2745 allows remote attackers to inject arbitrary HTML code, leading to potential XSS attacks that can manipulate user data or session information.
Which software versions are affected by CVE-2015-2745?
CVE-2015-2745 affects Mozilla Firefox OS versions prior to 2.2, including all versions up to 2.1.0.
Who is impacted by the vulnerabilities in CVE-2015-2745?
Users of Mozilla Firefox OS versions before 2.2 are at risk of being affected by the vulnerabilities described in CVE-2015-2745.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/mozilla
- canonical/mozilla firefox os
- version/mozilla firefox os/2.1.0