CVE-2016-1958
MEDIUMMozilla Firefox <45.0 - Firefox
Title source: llmDescription
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
References (18)
Scores
CVSS v3
4.3
EPSS
0.0062
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Classification
CWE
CWE-254
Status
draft
Affected Products (18)
oracle/linux
oracle/linux
oracle/linux
opensuse/opensuse
mozilla/firefox
< 44.0.2
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
... and 3 more
Timeline
Published
Mar 13, 2016
Tracked Since
Feb 18, 2026