CVE-2016-2820
N/A
N/A
Summary
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html
- http://www.securitytracker.com/id/1035692
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
- http://www.ubuntu.com/usn/USN-2936-2
- https://security.gentoo.org/glsa/201701-15
- http://www.ubuntu.com/usn/USN-2936-1
- http://www.ubuntu.com/usn/USN-2936-3
- http://www.mozilla.org/security/announce/2016/mfsa2016-48.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=870870
References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html
- http://www.securitytracker.com/id/1035692
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html
- http://www.ubuntu.com/usn/USN-2936-2
- https://security.gentoo.org/glsa/201701-15
- http://www.ubuntu.com/usn/USN-2936-1
- http://www.ubuntu.com/usn/USN-2936-3
- http://www.mozilla.org/security/announce/2016/mfsa2016-48.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=870870
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.