CVE-2016-5251 — Improper Input Validation in Firefox

CWE-20 — Improper Input Validation9 documents7 sources

Severity

4.3MEDIUMNVD

OSV9.8OSV5.5

EPSS

0.5%

top 32.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glance Project Glance Mozilla Firefox Debian Firefox +1 more

Timeline

PublishedAug 5

Latest updateMay 17

Description

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶Ubuntumozilla/firefox< 48.0+build2-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox47.0.1

▶debiandebian/firefox< firefox 48.0-1 (sid)

▶debiandebian/firefox-esr< firefox 48.0-1 (sid)

▶Ubuntuglance_project/glance< 1:2014.1.5-0ubuntu1.1

🔴Vulnerability Details

GHSA

GHSA-p834-7563-6j4f: Mozilla Firefox before 48↗2022-05-17

▶

OSV

glance vulnerabilities↗2017-10-11

▶

OSV

firefox vulnerabilities↗2016-08-05

▶

OSV

CVE-2016-5251: Mozilla Firefox before 48↗2016-08-03

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2016-08-05

▶

Red Hat

Mozilla: Location bar spoofing via data URLs with malformed/invalid mediatypes (MFSA 2016-66)↗2016-08-02

▶

Debian

CVE-2016-5251: firefox - Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar vi...↗2016

▶

💬Community

Bugzilla

CVE-2016-5251 Mozilla: Location bar spoofing via data URLs with malformed/invalid mediatypes (MFSA 2016-66)↗2016-08-01

▶