vulnerability
Oracle Solaris 11: CVE-2016-1967: Vulnerability in Firefox
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Mar 13, 2016 | May 29, 2017 | Feb 1, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Mar 13, 2016
Added
May 29, 2017
Modified
Feb 1, 2022
Description
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
Solutions
oracle-solaris-11-3-upgrade-developer-yasm-1-3-0-0-175-3-14-0-2-0oracle-solaris-11-3-upgrade-mail-thunderbird-45-3-0-0-175-3-14-0-4-0oracle-solaris-11-3-upgrade-mail-thunderbird-plugin-thunderbird-lightning-45-3-0-0-175-3-14-0-4-0oracle-solaris-11-3-upgrade-web-browser-firefox-45-4-0-0-175-3-14-0-4-0oracle-solaris-11-3-upgrade-web-data-firefox-bookmarks-45-4-0-0-175-3-14-0-4-0
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.