Lucene search

[email protected]CVE-2016-1958

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1958

2016-03-1318:59:07

CWE-254

[email protected]

web.nvd.nist.gov

cve-2016-1958

mozilla firefox

security vulnerability

address bar spoofing

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

Affected configurations

NVD

Node

oraclelinuxMatch5.0

oraclelinuxMatch6

oraclelinuxMatch7

Node

opensuseopensuseMatch13.1

Node

mozillafirefoxRange≤44.0.2

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

mozillafirefox_esrMatch38.4.0

mozillafirefox_esrMatch38.5.0

mozillafirefox_esrMatch38.5.1

mozillafirefox_esrMatch38.6.0

mozillafirefox_esrMatch38.6.1

CPENameOperatorVersion
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7

CPE	Name	Operator	Version
oracle:linux	oracle linux	eq	5.0
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7

References

hg.mozilla.org/releases/mozilla-release/rev/80ce3f1ffe03

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

www.debian.org/security/2016/dsa-3510

www.mozilla.org/security/announce/2016/mfsa2016-21.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securitytracker.com/id/1035215

www.ubuntu.com/usn/USN-2917-1

www.ubuntu.com/usn/USN-2917-2

www.ubuntu.com/usn/USN-2917-3

bugzilla.mozilla.org/show_bug.cgi?id=1228754

security.gentoo.org/glsa/201605-06

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2016-1958

debiancve1 nvd1 cvelist1 openvas26 ubuntucve1 prion1 mozilla1 freebsd1 nessus25 veracode25 redhat1 centos1 suse8 debian1 oraclelinux1 osv1 mageia1 ubuntu3 archlinux1 kaspersky1 gentoo1