CVE-2016-2820
Summary
| CVE | CVE-2016-2820 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-04-30 17:59:00 UTC |
| Updated | 2017-07-01 01:29:00 UTC |
| Description | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 870870 - (CVE-2016-2820) FHR accepts events from untrusted domains | CONFIRM | bugzilla.mozilla.org | |
| Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security | GENTOO | security.gentoo.org | |
| [security-announce] openSUSE-SU-2016:1211-1: important: Security update | SUSE | lists.opensuse.org | |
| openSUSE-SU-2016:1251-1: moderate: Security update to Firefox 46.0 | SUSE | lists.opensuse.org | |
| Firefox Health Reports could accept events from untrusted domains — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| USN-2936-2: Oxygen-GTK3 update \| Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-2936-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-2936-3: Firefox regression \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Gain Elevated Privileges, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710500 Gentoo Linux Mozilla Firefox, Thunderbird Multiple Vulnerabilities (GLSA 201701-15)