CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
http://www.mozilla.org/security/announce/2016/mfsa2016-29.html	Vendor Advisory
http://www.securitytracker.com/id/1035215
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
https://bugzilla.mozilla.org/show_bug.cgi?id=1246956
https://security.gentoo.org/glsa/201605-06

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-03-13 18:59

Updated : 2024-02-04 18:53

NVD link : CVE-2016-1967

Mitre link : CVE-2016-1967

CVE.ORG link : CVE-2016-1967

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-1967", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2016-03-13T18:59:16.367", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-29.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1035215", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-1", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-2", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2917-3", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246956", "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201605-06", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207."}, {"lang": "es", "value": "Mozilla Firefox en versiones anteriores a 45.0 no restringe correctamente la disponibilidad de los tiempos de la API IFRAME Resource Timing, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener informaci\u00f3n sensible a trav\u00e9s de c\u00f3digo JavaScript manipulado que se aprovecha de las llamadas history.back y performance.getEntries despu\u00e9s de restaurar una sesi\u00f3n del navegador. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-7207."}], "lastModified": "2016-12-03T03:23:50.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE", "versionEndIncluding": "44.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}