CVE-2014-1507 Information

Description

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism and read or modify arbitrary files via a crafted application that uses a relative pathname for a DeviceStorageFile object.

Reference

http://www.mozilla.org/security/announce/2014/mfsa2014-25.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=940684