Unrated severityNVD Advisory· Published Nov 5, 2015· Updated Jun 17, 2026
CVE-2015-7195
CVE-2015-7195
Description
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=41.0.2
- (no CPE)range: <42.0
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
7- www.mozilla.org/security/announce/2015/mfsa2015-129.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.htmlnvd
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
- www.securitytracker.com/id/1034069nvd
- www.ubuntu.com/usn/USN-2785-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- security.gentoo.org/glsa/201512-10nvd
News mentions
0No linked articles in our index yet.