CVE-2016-2813 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Debian Firefox-esr

Timeline

PublishedApr 30

Latest updateMay 17

Description

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmozilla/firefox45.0.2

▶debiandebian/firefox

▶debiandebian/firefox-esr

🔴Vulnerability Details

GHSA

GHSA-x4mq-76g8-78f6: Mozilla Firefox before 46↗2022-05-17

▶

📋Vendor Advisories

Red Hat

Mozilla: Disclosure of user actions through JavaScript with motion and orientation sensors (MFSA 2016-43)↗2016-04-26

▶

Debian

CVE-2016-2813: firefox - Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript acc...↗2016

▶

💬Community

Bugzilla

CVE-2016-2813 Mozilla: Disclosure of user actions through JavaScript with motion and orientation sensors (MFSA 2016-43)↗2016-04-25

▶