CVE-2016-1965

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
http://www.debian.org/security/2016/dsa-3510
http://www.mozilla.org/security/announce/2016/mfsa2016-28.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
http://www.securitytracker.com/id/1035215
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
https://bugzilla.mozilla.org/show_bug.cgi?id=1245264	Issue Tracking
https://security.gentoo.org/glsa/201605-06

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.2.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.2.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.3.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.4.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.5.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.5.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.6.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.6.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:oracle:linux:5.0:::::::*
	cpe:2.3:o:oracle:linux:6:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*

History

No history.

Information

Published : 2016-03-13 18:59

Updated : 2019-12-27 16:08

NVD link : CVE-2016-1965

Mitre link : CVE-2016-1965

CVE.ORG link : CVE-2016-1965

JSON object : View

Products Affected

opensuse

opensuse

oracle

linux

mozilla

firefox
firefox_esr

CWE

CWE-254

7PK - Security Features

{"id": "CVE-2016-1965", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2016-03-13T18:59:14.553", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html", "source": "security@mozilla.org"}, {"url": "http://www.debian.org/security/2016/dsa-3510", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-28.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1035215", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-1", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-2", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-3", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245264", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201605-06", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property."}, {"lang": "es", "value": "Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no maneja correctamente la secuencia de navegaci\u00f3n que devuelve a la p\u00e1gina original, lo que permite a atacantes remotos suplantar la barra de direcciones a trav\u00e9s de vectores que involucran el m\u00e9todo history.back y la propiedad location.protocol."}], "lastModified": "2019-12-27T16:08:55.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE", "versionEndIncluding": "44.0.2"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FF3D499-08B8-4180-86C8-A38609D8938B"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1F6A91A-4C19-47FB-B538-2B1837F68C61"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4773E493-5198-48FD-97D3-C20C36DF76E1"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8F7CC3-9108-49C5-A0EE-DCC86A949C74"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CD0D0C-B3AB-47B2-90DB-D559BFCFC670"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8A6B04A-AA56-43F4-835A-86795055A869"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9"}, {"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13"}, {"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-1965

4.3^/10

4.3^/10

Attach tags to `CVE-2016-1965`