Published: 30/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Mozilla Firefox prior to 46.0 allows remote malicious users to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme ...

USN-2936-1 introduced a regression in Firefox ...

Mozilla Foundation Security Advisory 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace Announced April 26, 2016 Reporter Muneaki Nishimura Impact Moderate Products Firefox Fixed in ...

Mozilla Firefox before 460 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type ...

CWE-284 https://bugzilla.mozilla.org/show_bug.cgi?id=1223743 http://www.mozilla.org/security/announce/2016/mfsa2016-45.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.ubuntu.com/usn/USN-2936-3 http://www.securitytracker.com/id/1035692 https://security.gentoo.org/glsa/201701-15 https://nvd.nist.gov https://usn.ubuntu.com/2936-1/

CVE-2016-2816

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect