CVE-2015-7186

Upstream information

CVE-2015-7186 at MITRE

Description

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entry: 952810 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2015:1942-1, published Mon, 9 Nov 2015 23:10:09 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Desktop Applications 15	`MozillaFirefox >= 52.7.3-1.35` `MozillaFirefox-devel >= 52.7.3-1.35` `MozillaFirefox-translations-common >= 52.7.3-1.35` `MozillaFirefox-translations-other >= 52.7.3-1.35`	Patchnames: SUSE Linux Enterprise Module for Desktop Applications 15 GA MozillaFirefox
openSUSE 13.1	`MozillaFirefox >= 42.0-94.4` `MozillaFirefox-branding-upstream >= 42.0-94.4` `MozillaFirefox-buildsymbols >= 42.0-94.4` `MozillaFirefox-debuginfo >= 42.0-94.4` `MozillaFirefox-debugsource >= 42.0-94.4` `MozillaFirefox-devel >= 42.0-94.4` `MozillaFirefox-translations-common >= 42.0-94.4` `MozillaFirefox-translations-other >= 42.0-94.4` `libfreebl3 >= 3.20.1-62.2` `libfreebl3-32bit >= 3.20.1-62.2` `libfreebl3-debuginfo >= 3.20.1-62.2` `libfreebl3-debuginfo-32bit >= 3.20.1-62.2` `libsoftokn3 >= 3.20.1-62.2` `libsoftokn3-32bit >= 3.20.1-62.2` `libsoftokn3-debuginfo >= 3.20.1-62.2` `libsoftokn3-debuginfo-32bit >= 3.20.1-62.2` `mozilla-nspr >= 4.10.10-25.1` `mozilla-nspr-32bit >= 4.10.10-25.1` `mozilla-nspr-debuginfo >= 4.10.10-25.1` `mozilla-nspr-debuginfo-32bit >= 4.10.10-25.1` `mozilla-nspr-debugsource >= 4.10.10-25.1` `mozilla-nspr-devel >= 4.10.10-25.1` `mozilla-nss >= 3.20.1-62.2` `mozilla-nss-32bit >= 3.20.1-62.2` `mozilla-nss-certs >= 3.20.1-62.2` `mozilla-nss-certs-32bit >= 3.20.1-62.2` `mozilla-nss-certs-debuginfo >= 3.20.1-62.2` `mozilla-nss-certs-debuginfo-32bit >= 3.20.1-62.2` `mozilla-nss-debuginfo >= 3.20.1-62.2` `mozilla-nss-debuginfo-32bit >= 3.20.1-62.2` `mozilla-nss-debugsource >= 3.20.1-62.2` `mozilla-nss-devel >= 3.20.1-62.2` `mozilla-nss-sysinit >= 3.20.1-62.2` `mozilla-nss-sysinit-32bit >= 3.20.1-62.2` `mozilla-nss-sysinit-debuginfo >= 3.20.1-62.2` `mozilla-nss-sysinit-debuginfo-32bit >= 3.20.1-62.2` `mozilla-nss-tools >= 3.20.1-62.2` `mozilla-nss-tools-debuginfo >= 3.20.1-62.2` `seamonkey >= 2.39-59.1` `seamonkey-debuginfo >= 2.39-59.1` `seamonkey-debugsource >= 2.39-59.1` `seamonkey-dom-inspector >= 2.39-59.1` `seamonkey-irc >= 2.39-59.1` `seamonkey-translations-common >= 2.39-59.1` `seamonkey-translations-other >= 2.39-59.1`	Patchnames: openSUSE-2015-718
openSUSE Leap 15.0	`MozillaFirefox >= 60.0-lp150.2.2` `MozillaFirefox-translations-common >= 60.0-lp150.2.2` `MozillaFirefox-translations-other >= 60.0-lp150.2.2`	Patchnames: openSUSE Leap 15.0 GA MozillaFirefox
openSUSE Leap 42.1	`MozillaFirefox >= 42.0-3.5` `MozillaFirefox-branding-upstream >= 42.0-3.5` `MozillaFirefox-buildsymbols >= 42.0-3.5` `MozillaFirefox-debuginfo >= 42.0-3.5` `MozillaFirefox-debugsource >= 42.0-3.5` `MozillaFirefox-devel >= 42.0-3.5` `MozillaFirefox-translations-common >= 42.0-3.5` `MozillaFirefox-translations-other >= 42.0-3.5` `libfreebl3 >= 3.20.1-3.3` `libfreebl3-32bit >= 3.20.1-3.3` `libfreebl3-debuginfo >= 3.20.1-3.3` `libfreebl3-debuginfo-32bit >= 3.20.1-3.3` `libsoftokn3 >= 3.20.1-3.3` `libsoftokn3-32bit >= 3.20.1-3.3` `libsoftokn3-debuginfo >= 3.20.1-3.3` `libsoftokn3-debuginfo-32bit >= 3.20.1-3.3` `mozilla-nspr >= 4.10.10-4.1` `mozilla-nspr-32bit >= 4.10.10-4.1` `mozilla-nspr-debuginfo >= 4.10.10-4.1` `mozilla-nspr-debuginfo-32bit >= 4.10.10-4.1` `mozilla-nspr-debugsource >= 4.10.10-4.1` `mozilla-nspr-devel >= 4.10.10-4.1` `mozilla-nss >= 3.20.1-3.3` `mozilla-nss-32bit >= 3.20.1-3.3` `mozilla-nss-certs >= 3.20.1-3.3` `mozilla-nss-certs-32bit >= 3.20.1-3.3` `mozilla-nss-certs-debuginfo >= 3.20.1-3.3` `mozilla-nss-certs-debuginfo-32bit >= 3.20.1-3.3` `mozilla-nss-debuginfo >= 3.20.1-3.3` `mozilla-nss-debuginfo-32bit >= 3.20.1-3.3` `mozilla-nss-debugsource >= 3.20.1-3.3` `mozilla-nss-devel >= 3.20.1-3.3` `mozilla-nss-sysinit >= 3.20.1-3.3` `mozilla-nss-sysinit-32bit >= 3.20.1-3.3` `mozilla-nss-sysinit-debuginfo >= 3.20.1-3.3` `mozilla-nss-sysinit-debuginfo-32bit >= 3.20.1-3.3` `mozilla-nss-tools >= 3.20.1-3.3` `mozilla-nss-tools-debuginfo >= 3.20.1-3.3` `seamonkey >= 2.39-3.1` `seamonkey-debuginfo >= 2.39-3.1` `seamonkey-debugsource >= 2.39-3.1` `seamonkey-dom-inspector >= 2.39-3.1` `seamonkey-irc >= 2.39-3.1` `seamonkey-translations-common >= 2.39-3.1` `seamonkey-translations-other >= 2.39-3.1` `xulrunner >= 38.4.0-3.2` `xulrunner-32bit >= 38.4.0-3.2` `xulrunner-debuginfo >= 38.4.0-3.2` `xulrunner-debuginfo-32bit >= 38.4.0-3.2` `xulrunner-debugsource >= 38.4.0-3.2` `xulrunner-devel >= 38.4.0-3.2`	Patchnames: openSUSE-2015-718
openSUSE Leap 42.2	`MozillaFirefox >= 49.0.2-37.1` `MozillaFirefox-translations-common >= 49.0.2-37.1`	Patchnames: openSUSE Leap 42.2 GA MozillaFirefox
openSUSE Leap 42.3	`MozillaFirefox >= 52.2-58.2` `MozillaFirefox-translations-common >= 52.2-58.2`	Patchnames: openSUSE Leap 42.3 GA MozillaFirefox
openSUSE Tumbleweed	`MozillaFirefox >= 50.1.0-1.1` `MozillaFirefox-branding-upstream >= 50.1.0-1.1` `MozillaFirefox-buildsymbols >= 50.1.0-1.1` `MozillaFirefox-devel >= 50.1.0-1.1` `MozillaFirefox-translations-common >= 50.1.0-1.1` `MozillaFirefox-translations-other >= 50.1.0-1.1` `seamonkey >= 2.40-6.1` `seamonkey-dom-inspector >= 2.40-6.1` `seamonkey-irc >= 2.40-6.1` `seamonkey-translations-common >= 2.40-6.1` `seamonkey-translations-other >= 2.40-6.1`	Patchnames: openSUSE Tumbleweed GA MozillaFirefox openSUSE Tumbleweed GA seamonkey