1. Home
  2. Vulnerabilities
  3. CVE-2015-7195

CVE-2015-7195

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.51 % (77th)
0.51% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-11-05 05:59:19
(8 years ago)
Updated Date
2016-12-07 18:23:14
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 41.0.2 and prior versions cpe:2.3:a:mozilla:firefox <= 41.0.2