CVE-2016-2831

HIGH

Canonical Ubuntu Linux < 46.0.1 - Security Feature Bypass


Description

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

References (11)

Mailing List, Third Party Advisory (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
Third Party Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2993-1
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/91075
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2016/dsa-3600
Issue Tracking, Permissions Required (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=1261933
Third Party Advisory (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1036057
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2016:1217
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

Scores

CVSS v3 8.8
EPSS 0.0066
EPSS Percentile 71.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

Details

CWE
CWE-254 CWE-284
Status published
Products (11)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
mozilla/firefox 45.1.0
mozilla/firefox 45.1.1
mozilla/firefox < 46.0.1
opensuse/leap 42.1
opensuse/opensuse 13.1
... and 1 more
Published Jun 13, 2016
Tracked Since Feb 18, 2026