CVE Vulnerabilities

CVE-2016-2831

Published: Jun 13, 2016 | Modified: Oct 30, 2018
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 (including) 12.04 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Ubuntu_linux Canonical 15.10 (including) 15.10 (including)
Ubuntu_linux Canonical 16.04 (including) 16.04 (including)
Red Hat Enterprise Linux 5 RedHat firefox-0:45.2.0-1.el5_11 *
Red Hat Enterprise Linux 6 RedHat firefox-0:45.2.0-1.el6_8 *
Red Hat Enterprise Linux 7 RedHat firefox-0:45.2.0-1.el7_2 *
Firefox Ubuntu devel *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu wily *
Firefox Ubuntu xenial *

References