CVE-2016-1965
Mozilla: Addressbar spoofing though history navigation and Location protocol property (MFSA 2016-28)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no maneja correctamente la secuencia de navegación que devuelve a la página original, lo que permite a atacantes remotos suplantar la barra de direcciones a través de vectores que involucran el método history.back y la propiedad location.protocol.
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-20 CVE Reserved
- 2016-03-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-07-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory |
|
| http://www.securitytracker.com/id/1035215 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1245264 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 44.0.2 Search vendor "Mozilla" for product "Firefox" and version " <= 44.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.5 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.3.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.3.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.4.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.4.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.5.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.5.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.5.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.5.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.6.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.6.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.6.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.6.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 5.0 Search vendor "Oracle" for product "Linux" and version "5.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 6 Search vendor "Oracle" for product "Linux" and version "6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||