CVE-2016-1955
published 2016-03-13CVE-2016-1955: Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy…
medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | <= 44.0.2 | — |
| mozilla | firefox | >= 0 < 45.0+build2-0ubuntu0.14.04.1 | 45.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.2+build1-0ubuntu0.14.04.1 | 45.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.1+build1-0ubuntu0.14.04.2 | 45.0.1+build1-0ubuntu0.14.04.2 |
| novell | suse_package_hub_for_suse_linux_enterprise | — | — |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv8.8HIGH