CVE-2016-2833

MEDIUM

Opensuse Leap < 46.0.1 - Security Feature Bypass

Title source: rule
STIX 2.1

Description

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036057
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=908933
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2993-1

Scores

CVSS v3 6.1
EPSS 0.0034
EPSS Percentile 56.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-254 CWE-79
Status published
Products (8)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
mozilla/firefox < 46.0.1
opensuse/leap 42.1
opensuse/opensuse 13.1
opensuse/opensuse 13.2
Published Jun 13, 2016
Tracked Since Feb 18, 2026