Vulnerability Details : CVE-2016-5267
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
Vulnerability category: Input validation
Products affected by CVE-2016-5267
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5267
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5267
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
1.6
|
3.6
|
NIST |
CWE ids for CVE-2016-5267
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5267
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1284372
1284372 - (CVE-2016-5267) Firefox Mobile Address Bar SpoofingIssue Tracking;Permissions Required
-
https://security.gentoo.org/glsa/201701-15
Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security
-
http://www.securityfocus.com/bid/92260
Mozilla Firefox Multiple Security Vulnerabilities
-
http://www.mozilla.org/security/announce/2016/mfsa2016-82.html
Addressbar spoofing with right-to-left characters on Firefox for Android — MozillaVendor Advisory
-
http://www.securitytracker.com/id/1036508
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Spoof Content, Modify Files, and Obtain Potentially Sensitive Information - SecurityTracker
Jump to