CVE Vulnerabilities

CVE-2016-1965

Published: Mar 13, 2016 | Modified: Dec 27, 2019
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

Affected Software

Name Vendor Start Version End Version
Firefox_esr Mozilla 38.0 38.0
Firefox_esr Mozilla 38.2.1 38.2.1
Firefox_esr Mozilla 38.1.0 38.1.0
Firefox_esr Mozilla 38.2.0 38.2.0
Firefox_esr Mozilla 38.6.1 38.6.1
Firefox_esr Mozilla 38.4.0 38.4.0
Firefox_esr Mozilla 38.3.0 38.3.0
Firefox_esr Mozilla 38.5.1 38.5.1
Firefox_esr Mozilla 38.0.5 38.0.5
Firefox_esr Mozilla 38.0.1 38.0.1
Firefox_esr Mozilla 38.5.0 38.5.0
Firefox_esr Mozilla 38.6.0 38.6.0
Firefox_esr Mozilla 38.1.1 38.1.1
Firefox Mozilla * 44.0.2

References