CVE-2015-8512

MEDIUM

Mozilla Firefox OS <2.5 - Info Disclosure

Title source: llm

Description

The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.

References (2)

[Vendor Advisory] http://www.mozilla.org/security/announce/2015/mfsa2015-151.html

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1181571

Scores

CVSS v3 4.6

EPSS 0.0007

EPSS Percentile 22.1%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-284

Status draft

Affected Products (1)

mozilla/firefox_os < 2.2

Timeline

Published Jan 09, 2016

Tracked Since Feb 18, 2026