
CVE-2016-2817

Published: 30/04/2016 Updated: 01/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox prior to 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote malicious users to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

Vulnerable Product

mozilla firefox

Vendor Advisories

Firefox could be made to crash or run programs as your login if it opened a malicious website ...
USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme ...
USN-2936-1 introduced a regression in Firefox ...
Mozilla Foundation Security Advisory 2016-46: Elevation of privilege with chrome.tabs.update API in web extensions. Announced: April 26, 2016. Reporter: Muneaki Nishimura. Impact: Moderate. Products: Firefox. Fixed in ...
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) ...