CVE-2016-1949
CVSS v3.0
8.8 (High)
CVSS v2.0
6.8 (Medium)
EPSS
0.82 % (82th)
Affected Products
1
Advisories
4
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2016-02-13 02:59:12
(8 years ago) - Updated Date
-
2016-12-06 03:07:54
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...