{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63725?format=json","vulnerability_id":"VCID-n999-2y81-q7dk","summary":"Security researcher Muneaki Nishimura reported that on Firefox for\nAndroid, a search engine can be registered and used to launch Firefox through an Android\nintent. When Firefox for Android is launched, the URL can executed with Firefox's\nsystem privileges if the crash reporter is used. This allows for the reading of local log\nfiles within Firefox, potentially leaking private information, and the loading of local\nHTML files through file: URIs.\nThis issue only affects Firefox for Android on Android 4.4 or earlier. It\ndoes not affect more recent versions of Android except for causing a non-exploitable\ncrash. Firefox on other operating systems is not affected.","aliases":[{"alias":"CVE-2015-7190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86797?format=json","purl":"pkg:mozilla/Firefox@42.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@42.0.0"}],"affected_packages":[],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7190","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66095","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65831","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6603","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66086","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65903","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65921","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65932","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6595","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65937","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65907","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65942","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65956","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65945","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65965","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65975","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65974","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6604","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6601","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7190"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1208520","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1208520"},{"reference_url":"http://www.mozilla.org/security/announce/2015/mfsa2015-124.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-124.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.securitytracker.com/id/1034069","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034069"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7190","reference_id":"CVE-2015-7190","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7190","reference_id":"CVE-2015-7190","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7190"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-124","reference_id":"mfsa2015-124","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-124"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}],"exploits":[],"severity_range_score":"5.0 - 5.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n999-2y81-q7dk"}