Authentication Flaw in Mozilla Firefox OS Leading to Unauthorized Access
CVE-2015-8512

4.6MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox Os
Vendor: CVE Published:; 9 January 2016

What is CVE-2015-8512?

The lockscreen feature in Mozilla Firefox OS versions prior to 2.5 is vulnerable due to inadequate restrictions on failed authentication attempts. This weakness allows attackers with physical access to the device to exploit the lockscreen by continuously entering multiple passcode guesses. As a result, this vulnerability can lead to unauthorized access, compromising user data and device integrity. It is crucial for users to ensure their systems are updated to the latest versions to mitigate this risk.

References

http://www.mozilla.org/security/announce/2015/mfsa2015-15...

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1181571

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2016
Vulnerability Reserved
Dec 8, 2015