CVE-2014-1507

CVE Database · CVE-2014-1507

CVE-2014-1507

· N/AModified

CVSS v3.1

N/A

EPSS

1.10%

Published

Mar 19, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.

Weaknesses (CWE)

CWE-22

Affected Products (2)

oracle · solarisvulnerable

mozilla · firefoxosvulnerable

References (6)

http://www.mozilla.org/security/announce/2014/mfsa2014-25.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=940684

Issue Tracking