CVE-2016-1965
MEDIUMMozilla Firefox <45.0 - Info Disclosure
Title source: llmDescription
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
References (17)
Scores
CVSS v3
4.3
EPSS
0.0050
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Classification
CWE
CWE-254
Status
draft
Affected Products (18)
mozilla/firefox
< 44.0.2
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
opensuse/opensuse
... and 3 more
Timeline
Published
Mar 13, 2016
Tracked Since
Feb 18, 2026