CVE-2016-2822
published 2016-06-13CVE-2016-2822: Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
PriorityP426medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
2.03%
78.7th percentile
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 47.0-1 (sid) | firefox 47.0-1 (sid) |
| debian | firefox-esr | < firefox 47.0-1 (sid) | firefox 47.0-1 (sid) |
| mozilla | firefox | <= 46.0.1 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 47.0+build3-0ubuntu0.14.04.1 | 47.0+build3-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 47.0+build3-0ubuntu0.16.04.1 | 47.0+build3-0ubuntu0.16.04.1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv8.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6g5m-4924-79vh: Mozilla Firefox before 47
ghsa_unreviewed·2022-05-14
CVE-2016-2822 [MEDIUM] CWE-284 GHSA-6g5m-4924-79vh: Mozilla Firefox before 47
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
OSV
CVE-2016-2822: Mozilla Firefox before 47
osv·2016-06-13·CVSS 6.5
CVE-2016-2822 [MEDIUM] CVE-2016-2822: Mozilla Firefox before 47
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
OSV
firefox vulnerabilities
osv·2016-06-09·CVSS 8.8
CVE-2016-2815 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-28
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-06-09·CVSS 8.8
CVE-2016-2815 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could pote
Red Hat
Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
vendor_redhat·2016-06-08·CVSS 6.5
CVE-2016-2822 [MEDIUM] Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-2822: firefox - Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attack...
vendor_debian·2016·CVSS 6.5
CVE-2016-2822 [MEDIUM] CVE-2016-2822: firefox - Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attack...
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Scope: local
sid: resolved (fixed in 47.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8608 Stored XSS in business process editor
bugzilla·2016-10-19·CVSS 5.4
CVE-2016-8608 [MEDIUM] CVE-2016-8608 Stored XSS in business process editor
CVE-2016-8608 Stored XSS in business process editor
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
Discussion:
Acknowledgments:
Name: Kirill Gaevskii (Red Hat)
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.4.0
Via RHSA-2016:2823 https://rhn.redhat.com/errata/RHSA-2016-2823.html
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.4.0
Via RHSA-2016:2822 https://rhn.redhat.com/errata/RHSA-2016-2822.html
Bugzilla
CVE-2016-7041 Drools Workbench: Path traversal vulnerability
bugzilla·2016-09-13·CVSS 6.5
CVE-2016-7041 [MEDIUM] CVE-2016-7041 Drools Workbench: Path traversal vulnerability
CVE-2016-7041 Drools Workbench: Path traversal vulnerability
Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
Discussion:
Acknowledgments:
Name: Jonas Bauters (NVISO)
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.4.0
Via RHSA-2016:2823 https://rhn.redhat.com/errata/RHSA-2016-2823.html
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.4.0
Via RHSA-2016:2822 https://rhn.redhat.com/errata/RHSA-2016-2822.html
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.3.4
Via RHSA-2016:2938 https://rhn.redhat.com/errata/RHSA-2016
Bugzilla
CVE-2016-2822 Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
bugzilla·2016-06-06·CVSS 6.5
CVE-2016-2822 [MEDIUM] CVE-2016-2822 Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
CVE-2016-2822 Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-52.html
Acknowledgements:
Name: the Mozilla project
Upstream: Jordi Chancel
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.htmlhttp://www.debian.org/security/2016/dsa-3600http://www.mozilla.org/security/announce/2016/mfsa2016-52.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/91075http://www.securitytracker.com/id/1036057http://www.ubuntu.com/usn/USN-2993-1https://access.redhat.com/errata/RHSA-2016:1217https://bugzilla.mozilla.org/show_bug.cgi?id=1273129http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.htmlhttp://www.debian.org/security/2016/dsa-3600http://www.mozilla.org/security/announce/2016/mfsa2016-52.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/91075http://www.securitytracker.com/id/1036057http://www.ubuntu.com/usn/USN-2993-1https://access.redhat.com/errata/RHSA-2016:1217https://bugzilla.mozilla.org/show_bug.cgi?id=1273129
2016-06-13
Published