CVE-2016-2827

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.84 % (82^th)

Affected Products 1

Advisories 4

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-09-22 22:59:00
(8 years ago)
Updated Date: 2018-06-12 01:29:00
(6 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 48.0.2 and prior versions	cpe:2.3:a:mozilla:firefox		<= 48.0.2