CVE-2016-1965

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1965

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1965.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-1965

Related

Published

2016-03-13T18:59:14Z

Modified

2024-10-22T13:42:14Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

References

Affected packages

Debian:11 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

45.0esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

45.0esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firefox-esr

Package

Name: firefox-esr
Purl: pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

45.0esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}