Published: 30/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox prior to 46.0 does not properly restrict the origin of events, which makes it easier for remote malicious users to modify sharing preferences by leveraging access to the remote-report IFRAME element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme ...

USN-2936-1 introduced a regression in Firefox ...

Mozilla Foundation Security Advisory 2016-48 Firefox Health Reports could accept events from untrusted domains Announced April 26, 2016 Reporter Mark Goodwin Impact Moderate Products Firefox Fixed in ...

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 460 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element ...

CWE-284 http://www.mozilla.org/security/announce/2016/mfsa2016-48.html https://bugzilla.mozilla.org/show_bug.cgi?id=870870 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.ubuntu.com/usn/USN-2936-3 http://www.securitytracker.com/id/1035692 https://security.gentoo.org/glsa/201701-15 https://nvd.nist.gov https://usn.ubuntu.com/2936-1/

CVE-2016-2820

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect