CVE-2016-2833 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-2833

CWE

https://cwe.mitre.org/data/definitions/254.html

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

Affected Software

Name	Vendor	Start Version	End Version
Leap	Opensuse	42.1 (including)	42.1 (including)
Opensuse	Opensuse	13.1 (including)	13.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	wily	*
Firefox	Ubuntu	xenial	*

References

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
http://www.mozilla.org/security/announce/2016/mfsa2016-60.html
http://www.securitytracker.com/id/1036057
http://www.ubuntu.com/usn/USN-2993-1
https://bugzilla.mozilla.org/show_bug.cgi?id=908933