CVE-2014-1507

Description

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.

Read the notes from the security team

• How can I get the fixes?
• What do statuses mean?

Notes

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://www.mozilla.org/security/announce/2014/mfsa2014-25.html
• https://www.cve.org/CVERecord?id=CVE-2014-1507