CVE-2016-2831: Improper Access Control in Firefox

Severity: 8.8 HIGH (NVD)
EPSS: 0.7% (top 28.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 13 | Latest update May 14

Description

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Exploitability: 2.8 | Impact: 5.3

Affected Packages (6 packages)

Ubuntu | mozilla/firefox | < 47.0+build3-0ubuntu0.14.04.1 +1
NVD | mozilla/firefox | 46.0.1 +2
debian | debian/firefox | < firefox 47.0-1 (sid)
debian | debian/firefox-esr | < firefox 47.0-1 (sid)
NVD | opensuse/leap | 42.1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴 Vulnerability Details (3)

GHSA | GHSA-v53r-6j66-5ch8: Mozilla Firefox before 47 | 2022-05-14
OSV | CVE-2016-2831: Mozilla Firefox before 47 | 2016-06-13
OSV | firefox vulnerabilities | 2016-06-09

📋 Vendor Advisories (3)

Ubuntu | Firefox vulnerabilities | 2016-06-09
Red Hat | Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) | 2016-06-09
Debian | CVE-2016-2831: firefox - Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that ... | 2016

💬 Community (1)

Bugzilla | CVE-2016-2831 Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) | 2016-06-06