CVE-2016-1967
published 2016-03-13
Priority P430 · medium 6.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
2.25%
80.8th percentile
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | <= 44.0.2 | — |
| mozilla | firefox | >= 0 < 45.0+build2-0ubuntu0.14.04.1 | 45.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.2+build1-0ubuntu0.14.04.1 | 45.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.1+build1-0ubuntu0.14.04.2 | 45.0.1+build1-0ubuntu0.14.04.2 |
CVSS provenance
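| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |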
GHSA
GHSA-697m-2pgc-69m6: Mozilla Firefox before 45
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2016-1967 [MEDIUM] CWE-200 GHSA-697m-2pgc-69m6: Mozilla Firefox before 45
OSV
firefox regressions
osv·2016-04-19·CVSS 8.8
[HIGH] firefox regressions
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
web compatibility regressions.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox.
OSV
firefox regressions
osv·2016-04-07·CVSS 8.8
[HIGH] firefox regressions
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup,
OSV
CVE-2016-1967: Mozilla Firefox before 45
osv·2016-03-13·CVSS 5.0
CVE-2016-1967 [MEDIUM] CVE-2016-1967: Mozilla Firefox before 45
OSV
firefox vulnerabilities
osv·2016-03-09·CVSS 8.8
CVE-2016-1950 [HIGH] firefox vulnerabilities
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the
Ubuntu
Firefox regressions
vendor_ubuntu·2016-04-19·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-2917-1 introduced several regressions in Firefox.
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
web compatibility regressions.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini,
Ubuntu
Firefox regressions
vendor_ubuntu·2016-04-07·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-2917-1 introduced several regressions in Firefox.
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian H
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-03-09·CVSS 8.8
CVE-2016-1950 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked into opening a
specially crafted website, an attacker could p
Red Hat
Mozilla: Same-origin policy violation using performance.getEntries and history navigation with session restore (MFSA 2016-29)
vendor_redhat·2016-03-08·CVSS 5.0
CVE-2016-1967 [MEDIUM] Mozilla: Same-origin policy violation using performance.getEntries and history navigation with session restore (MFSA 2016-29)
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Packa
Debian
CVE-2016-1967: firefox - Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAM...
vendor_debian·2016·CVSS 5.0
CVE-2016-1967 [MEDIUM] CVE-2016-1967: firefox - Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAM...
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-5432 ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text
bugzilla·2016-08-30·CVSS 3.3
CVE-2016-5432 [LOW] CVE-2016-5432 ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text
When ovirt-engine-provisiondb, a utility usually called by engine-backup, was passed one of the '--provision*db' options to create postgresql DBs/users, the password of the created user is stored in the log file in plain text.
Discussion:
Acknowledgments:
Name: Yedidyah Bar David (Red Hat)
---
Fix included in:
https://gerrit.ovirt.org/#/q/I40c88ad48f8f7c2b8e06802137870b0c198b5129
---
This issue has been addressed in the following products:
RHEV Engine version 4.0
Via RHSA-2016:1967 https://rhn.redhat.com/errata/RHSA-2016-1967.html
Bugzilla
CVE-2016-1967 Mozilla: Same-origin policy violation using performance.getEntries and history navigation with session restore (MFSA 2016-29)
bugzilla·2016-03-08·CVSS 6.5
CVE-2016-1967 [MEDIUM] CVE-2016-1967 Mozilla: Same-origin policy violation using performance.getEntries and history navigation with session restore (MFSA 2016-29)
Security researcher Jordi Chancel discovered a variant of Mozilla Foundation Security Advisory 2015-136 (https://www.mozilla.org/security/advisories/mfsa2015-136/) which was fixed in Firefox 43. In the original bug, it was possible to read cross-origin URLs following a redirect if performance.getEntries() was used along with an iframe to host a page. Navigating back in history through script, content was pulled from the browser cache for the redirected location instead of going to the original location. In the newly reported variant issue, it was found that if a browser session was restored, history navigation would still allow for the same attac
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
http://www.mozilla.org/security/announce/2016/mfsa2016-29.html
http://www.securitytracker.com/id/1035215
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
https://bugzilla.mozilla.org/show_bug.cgi?id=1246956
https://security.gentoo.org/glsa/201605-06
2016-03-13
Published