CVE-2016-1948

5.3MEDIUM

Key Information:

Vendor: Google
Status: Android; Firefox
Vendor: CVE Published:; 31 January 2016

Summary

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.

References

http://www.securitytracker.com/id/1034825

vdb-entryx_refsource_SECTRACK

http://www.mozilla.org/security/announce/2016/mfsa2016-12...

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1235876

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2016
Vulnerability Reserved
Jan 20, 2016

Collectors

NVD DatabaseMitre Database