vulnerability

SUSE: CVE-2016-2817: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Apr 30, 2016	May 4, 2016	Feb 4, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 30, 2016

Added

May 4, 2016

Modified

Feb 4, 2022

Description

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

Solutions

suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-other

References

SECTRACK-1035692
UBUNTU-USN-2936-1
UBUNTU-USN-2936-2
UBUNTU-USN-2936-3
GENTOO-GLSA-201701-15
NVD-CVE-2016-2817

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today