CVE-2016-2829
MEDIUMOpensuse Leap < 46.0.1 - Improper Access Control
Title source: ruleDescription
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
References (6)
Scores
CVSS v3
6.5
EPSS
0.0037
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Classification
CWE
CWE-284
Status
draft
Affected Products (8)
opensuse/leap
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
mozilla/firefox
< 46.0.1
opensuse/opensuse
opensuse/opensuse
Timeline
Published
Jun 13, 2016
Tracked Since
Feb 18, 2026