Description
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2015/mfsa2015-151.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1181571
Scores
CVSS v3
4.6
EPSS
0.0007
EPSS Percentile
22.2%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-284
Status
published
Products (1)
mozilla/firefox_os
< 2.2
Published
Jan 09, 2016
Tracked Since
Feb 18, 2026