Published: 30/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote malicious users to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Mozilla Foundation Security Advisory 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors Announced April 26, 2016 Reporter Maryam Mehrnezhad Impact High Products Firefox Fixed in ...

Mozilla Firefox before 460 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780 ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=1197901 http://www.mozilla.org/security/announce/2016/mfsa2016-43.html http://dl.acm.org/citation.cfm?id=2714650 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.securitytracker.com/id/1035692 https://security.gentoo.org/glsa/201701-15 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/https://access.redhat.com/security/cve/cve-2016-2813

CVE-2016-2813

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect