CVE-2016-5266
published 2016-08-05CVE-2016-5266: Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to…
PriorityP335high8.1CVSS 3.0
AVNACLPRNUIRSUCHIHAN
EPSS
1.66%
73.8th percentile
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| debian | firefox-esr | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| mozilla | firefox | <= 47.0.1 | — |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.14.04.1 | 48.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.16.04.1 | 48.0+build2-0ubuntu0.16.04.1 |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian8.1HIGH
vendor_redhat8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacked could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Boo
Red Hat
Mozilla: Information disclosure and local file manipulation through drag and drop (MFSA 2016-81)
vendor_redhat·2016-08-02·CVSS 8.1
CVE-2016-5266 [HIGH] Mozilla: Information disclosure and local file manipulation through drag and drop (MFSA 2016-81)
Mozilla: Information disclosure and local file manipulation through drag and drop (MFSA 2016-81)
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7)
Debian
CVE-2016-5266: firefox - Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTr...
vendor_debian·2016·CVSS 8.1
CVE-2016-5266 [HIGH] CVE-2016-5266: firefox - Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTr...
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
Scope: local
sid: resolved (fixed in 48.0-1)
GHSA
GHSA-2fjc-qvwr-7hf8: Mozilla Firefox before 48
ghsa_unreviewed·2022-05-17
CVE-2016-5266 [HIGH] GHSA-2fjc-qvwr-7hf8: Mozilla Firefox before 48
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
OSV
firefox vulnerabilities
osv·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacked could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
Ringnalda discovered multiple memory safety issues in
OSV
CVE-2016-5266: Mozilla Firefox before 48
osv·2016-08-03·CVSS 8.1
CVE-2016-5266 [HIGH] CVE-2016-5266: Mozilla Firefox before 48
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-81.htmlhttp://www.securityfocus.com/bid/92260http://www.securitytracker.com/id/1036508http://www.ubuntu.com/usn/USN-3044-1https://bugzilla.mozilla.org/show_bug.cgi?id=1226977https://security.gentoo.org/glsa/201701-15http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-81.htmlhttp://www.securityfocus.com/bid/92260http://www.securitytracker.com/id/1036508http://www.ubuntu.com/usn/USN-3044-1https://bugzilla.mozilla.org/show_bug.cgi?id=1226977https://security.gentoo.org/glsa/201701-15
2016-08-05
Published