Vulnerability Details : CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
Vulnerability category: Information leak
Products affected by CVE-2016-1967
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1967
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1967
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-1967
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1967
-
http://www.ubuntu.com/usn/USN-2917-1
USN-2917-1: Firefox vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2917-3
USN-2917-3: Firefox regressions | Ubuntu security notices
-
http://www.securitytracker.com/id/1035215
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof the Address Bar, Overwrite Files, and Deny Service - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1246956
Bugzilla.mozilla.org is offline
-
https://security.gentoo.org/glsa/201605-06
Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security
-
http://www.mozilla.org/security/announce/2016/mfsa2016-29.html
Same-origin policy violation using performance.getEntries and history navigation with session restore — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
[security-announce] openSUSE-SU-2016:0731-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
[security-announce] openSUSE-SU-2016:0733-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2917-2
USN-2917-2: Firefox regressions | Ubuntu security notices
Jump to