CVE-2016-1940

5.3MEDIUM

Key Information:

Vendor: Google
Status: Android; Firefox
Vendor: CVE Published:; 31 January 2016

Summary

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

References

http://www.securitytracker.com/id/1034825

vdb-entryx_refsource_SECTRACK

https://bugzilla.mozilla.org/show_bug.cgi?id=1208525

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2016/mfsa2016-05...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2016
Vulnerability Reserved
Jan 20, 2016

Collectors

NVD DatabaseMitre Database