CVE-2015-5961

The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
mozillafirefox_os
𝑥
≤ 2.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.mozilla.org/security/announce/2015/mfsa2015-75.html
http://www.securityfocus.com/bid/76255
https://bugzilla.mozilla.org/show_bug.cgi?id=1123433
http://www.mozilla.org/security/announce/2015/mfsa2015-75.html
http://www.securityfocus.com/bid/76255
https://bugzilla.mozilla.org/show_bug.cgi?id=1123433