4.3

CVE-2016-2820

EPSS 0.42%
Published 30.04.2016 17:59:15
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 45.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.59

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html

http://www.securitytracker.com/id/1035692

http://www.ubuntu.com/usn/USN-2936-1

http://www.ubuntu.com/usn/USN-2936-2

http://www.ubuntu.com/usn/USN-2936-3

https://security.gentoo.org/glsa/201701-15

http://www.mozilla.org/security/announce/2016/mfsa2016-48.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=870870

https://nvd.nist.gov/vuln/detail/CVE-2016-2820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2820

EUVD