Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
Max CVSS
8.8
EPSS Score
1.44%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
Max CVSS
6.5
EPSS Score
0.36%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Max CVSS
6.5
EPSS Score
0.48%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Max CVSS
6.5
EPSS Score
0.94%
Published
2016-06-13
Updated
2018-10-30
4 vulnerabilities found