Home > Vulnerability Database > CVE-2016-2820

Mend.io Vulnerability Database

CVE-2016-2820

Date: April 30, 2016

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.

Severity Score

4.3

Related Resources (12)

Url: https://security.gentoo.org/glsa/201701-15

Url: http://www.ubuntu.com/usn/USN-2936-3

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=870870

Url: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html

Url: http://www.mozilla.org/security/announce/2016/mfsa2016-48.html

Url: http://www.securitytracker.com/id/1035692

Url: http://www.ubuntu.com/usn/USN-2936-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-2820

Url: http://www.ubuntu.com/usn/USN-2936-2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2820

Url: http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html

Url: https://www.mend.io/vulnerability-database/CVE-2016-2820

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-2820

Date: April 30, 2016

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?