CVE-2016-1949

CVSS v3.0 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.82 % (82^th)

Affected Products 1

Advisories 4

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-02-13 02:59:12
(8 years ago)
Updated Date: 2016-12-06 03:07:54
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 44.0.1 and prior versions	cpe:2.3:a:mozilla:firefox		<= 44.0.1