Cross-Site Scripting Vulnerability in Mozilla Firefox OS Gaia Search App
CVE-2015-2744
Currently unrated
What is CVE-2015-2744?
A cross-site scripting (XSS) vulnerability exists in the Search app within the Gaia framework of Mozilla Firefox OS, affecting versions prior to 2.2. This flaw allows remote attackers to inject malicious HTML through crafted search links. If a user reopens the browser or utilizes the tab view, these injected links can be mishandled, potentially leading to unauthorized actions or data exposure in the context of the user's session. Patching this vulnerability is crucial for maintaining the security integrity of users interacting with the affected applications.