CVE-2016-1942Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation7 documents4 sources
Severity
7.4HIGHNVD
OSV9.8
EPSS
0.8%
top 25.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxOpensuse LeapOpensuse
Timeline
PublishedJan 31
Latest updateMay 14

Description

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages4 packages

Ubuntumozilla/firefox< 44.0+build3-0ubuntu0.14.04.1+1
NVDmozilla/firefox43.0.4
NVDopensuse/leap42.1
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

4
GHSA
GHSA-f5p6-qx62-vpqv: Mozilla Firefox before 442022-05-14
OSV
firefox regression2016-02-08
OSV
firefox vulnerabilities2016-01-27
OSV
CVE-2016-1942: Mozilla Firefox before 442016-01-26

📋Vendor Advisories

2
Ubuntu
Firefox regression2016-02-08
Ubuntu
Firefox vulnerabilities2016-01-27
CVE-2016-1942 — Improper Input Validation in Mozilla | cvebase