CVE-2016-1954

CWE-26410 documents8 sources
Severity
8.8HIGH
EPSS
2.7%
top 14.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla ThunderbirdNovell Suse Package HUB FOR Suse Linux Enterprise+3 more
Timeline
PublishedMar 13
Latest updateMay 13

Description

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

NVDmozilla/firefox44.0.2+13
Debianfirefox-esr< 45.0esr-1+3
NVDoracle/linux5.0, 6, 7+2
NVDopensuse/leap42.1

Patches

Patch: hg.mozilla.orgPatch: hg.mozilla.org

🔴Vulnerability Details

4
GHSA
GHSA-hh86-fc79-9mq4: The nsCSPContext::SendReports function in dom/security/nsCSPContext2022-05-13
OSV
thunderbird vulnerabilities2016-04-27
CVEList
CVE-2016-1954: The nsCSPContext::SendReports function in dom/security/nsCSPContext2016-03-13
OSV
CVE-2016-1954: The nsCSPContext::SendReports function in dom/security/nsCSPContext2016-03-13

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2016-04-27
Ubuntu
Firefox vulnerabilities2016-03-09
Red Hat
Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)2016-03-08
Debian
CVE-2016-1954: firefox - The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozil...2016

💬Community

1
Bugzilla
CVE-2016-1954 Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)2016-03-08
CVE-2016-1954 (HIGH CVSS 8.8) | The nsCSPContext::SendReports funct | cvebase.io