Unrated severityNVD Advisory· Published Aug 8, 2015· Updated May 6, 2026

CVE-2015-2745

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page.

Affected products

Mozilla Corporation/Firefox Os
cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*
Range: <=2.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2015/mfsa2015-73.htmlnvdVendor Advisory
bugzilla.mozilla.org/show_bug.cginvd
github.com/mozilla-b2g/gaia/commit/0f72a8c31df9f3d8f609a7c58ca91139051d44ebnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000