CVE-2015-5961
Firefox OS < 2.1.0 - Man-in-the-Middle Attack via COPPA Error Page
Title source: llmDescription
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1123433
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76255
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2015/mfsa2015-75.html
Scores
EPSS
0.0009
EPSS Percentile
24.8%
Details
CWE
CWE-264
Status
published
Products (1)
mozilla/firefox_os
< 2.1.0
Published
Aug 08, 2015
Tracked Since
Feb 18, 2026