8.8

CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
MozillaFirefox Version45.1.0
MozillaFirefox Version45.1.1
DebianDebian Linux Version8.0
OpensuseLeap Version42.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
MozillaFirefox Version <= 46.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.35% 0.681
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91075
http://www.securitytracker.com/id/1036057
Third Party Advisory
http://www.ubuntu.com/usn/USN-2993-1
Third Party Advisory
http://www.debian.org/security/2016/dsa-3600
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1217
Third Party Advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-58.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1261933
Issue Tracking
Permissions Required