Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8hvv-37dj-zkdp
Vulnerability ID VCID-8hvv-37dj-zkdp
Aliases CVE-2015-7185
Summary Security researcher Jordi Chancel reported when Firefox for Android exits fullscreen mode, it can be induce through script to not restore the addressbar when the window is redrawn in normal mode. This could allow an attacker to spoof the addressbar with their own content. This issue only affects Firefox for Android. Firefox on other operating systems is not affected.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-254 7PK - Security Features
System Score Found at
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2015-7185
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2015-7185
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2015-119
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
https://api.first.org/data/v1/epss?cve=CVE-2015-7185
https://bugzilla.mozilla.org/show_bug.cgi?id=1149000
http://www.mozilla.org/security/announce/2015/mfsa2015-119.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1034069
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
CVE-2015-7185 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7185
CVE-2015-7185 https://nvd.nist.gov/vuln/detail/CVE-2015-7185
mfsa2015-119 https://www.mozilla.org/en-US/security/advisories/mfsa2015-119
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-7185
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.62759
EPSS Score 0.00435
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:18:24.315515+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-119.md 38.0.0