Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1967

Опубликовано: 08 мар. 2016
Источник: redhat
CVSS2: 4.3

Описание

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1315776Mozilla: Same-origin policy violation using perfomance.getEntries and history navigation with session restore (MFSA 2016-29)

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1967

CVSS3: 6.5
ubuntu
почти 10 лет назад

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

nvd логотип

CVE-2016-1967

CVSS3: 6.5
nvd
почти 10 лет назад

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

debian логотип

CVE-2016-1967

CVSS3: 6.5
debian
почти 10 лет назад

Mozilla Firefox before 45.0 does not properly restrict the availabilit ...

github логотип

GHSA-697m-2pgc-69m6

CVSS3: 6.5
github
больше 3 лет назад

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

fstec логотип

BDU:2016-00751

fstec
почти 10 лет назад

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа

4.3 Medium

CVSS2