CVE-2016-2825: Improper Access Control in Firefox

Severity
NVD: 6.5 MEDIUM
OSV: 8.8
EPSS: 0.5% (top 33.09%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 13
Latest update: May 14

Description

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

[Ubuntu] mozilla/firefox: < 47.0+build3-0ubuntu0.14.04.1+1
[NVD] mozilla/firefox: 46.0.1
[debian] debian/firefox: < firefox 47.0-1 (sid)
[debian] debian/firefox-esr: < firefox 47.0-1 (sid)
[NVD] opensuse/leap: 42.1

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴 Vulnerability Details (3)

[GHSA] GHSA-frpp-99pq-vjpv: Mozilla Firefox before 47 (2022-05-14)
[OSV] firefox vulnerabilities (2016-06-09)
[OSV] CVE-2016-2825: Mozilla Firefox before 47 (2016-06-08)

📋 Vendor Advisories (3)

[Ubuntu] Firefox vulnerabilities (2016-06-09)
[Red Hat] Mozilla: Partial same-origin-policy through setting location.host through data: URI (MFSA 2016-54) (2016-06-07)
[Debian] CVE-2016-2825: firefox - Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Po... (2016)

💬 Community (1)

[Bugzilla] CVE-2016-2825 Mozilla: Partial same-origin-policy through setting location.host through data: URI (MFSA 2016-54) (2016-06-06)