CVE-2016-1955
MEDIUMMozilla Firefox <45.0 - CSRF
Title source: llmDescription
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
References (12)
Scores
CVSS v3
4.3
EPSS
0.0055
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (5)
novell/suse_package_hub_for_suse_linux_enterprise
opensuse/leap
opensuse/opensuse
opensuse/opensuse
mozilla/firefox
< 44.0.2
Timeline
Published
Mar 13, 2016
Tracked Since
Feb 18, 2026