CVE-2016-2831

Loading...

General

Score:5.8/10.0
Severity:Medium
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2825, CVE-2016-2828, CVE-2016-2829, CVE-2016-2830, CVE-2016-2832, CVE-2016-2833, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-6354

Published on 13/06/16 - Updated on 19/02/17

Description

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Category: Access Control Error

CWE-284 (Improper Access Control)
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Security Notices

US National Vulnerability DatabaseCVE-2016-2831
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-193
Arch Linux ASA-201606-7
CentOS CESA-2016:1217
Debian DSA-3600-1
Debian LTSDLA-521-1
Mozilla MFSA2016-58
Redhat RHSA-2016:1217
SUSE SUSE-SU-2016:1691, SUSE-SU-2016:1799, SUSE-SU-2016:2061
Ubuntu USN-2993-1

Exploits

SecurityFocusBID-91075

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
mozillafirefox
mozillafirefox_esr
novellleap
novellopensuse

Share this vulnerability with:

Twitter Facebook LinkedIn Mail