CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
71.3%
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | 22 | cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* |
fedoraproject | fedora | 23 | cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* |
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
opensuse | leap | 42.1 | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
www.mozilla.org/security/announce/2015/mfsa2015-148.html
www.securityfocus.com/bid/79280
www.securitytracker.com/id/1034426
www.ubuntu.com/usn/USN-2833-1
bugzilla.mozilla.org/show_bug.cgi?id=1226423
security.gentoo.org/glsa/201512-10