CVE-2015-7195

Publication date 4 November 2015

Last updated 24 July 2024

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	15.10 wily	Fixed 42.0+build2-0ubuntu0.15.10.1
	15.04 vivid	Fixed 42.0+build2-0ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 42.0+build2-0ubuntu0.14.04.1
	12.04 LTS precise	Fixed 42.0+build2-0ubuntu0.12.04.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2785-1
Firefox vulnerabilities
4 November 2015

Other references

https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
https://www.cve.org/CVERecord?id=CVE-2015-7195