CVE-2015-2742

Published: Jul 6, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.

Affected (2)

Products: Oracle: Solaris · Mozilla: Firefox

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 38.1.0

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://www.mozilla.org/security/announce/2015/mfsa2015-68.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: security@mozilla.org

http://www.securitytracker.com/id/1032783

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1138669

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-68.html