CVE-2016-1967

CVSS v3.0 6.5 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.35% (72nd)
Affected Products 1
Advisories 4

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2016-03-13 18:59:16
(8 years ago)
Updated Date
2016-12-03 03:23:50
(7 years ago)

Affected Products

Configuration #1

Mozilla Firefox 44.0.2 and prior versions
CPE23: cpe:2.3:a:mozilla:firefox
Up To: <= 44.0.2