Same Origin Policy Bypass in Mozilla Firefox
CVE-2016-1955

4.3MEDIUM

Key Information:

Vendor
Novell
Status
Suse Package Hub For Suse Linux Enterprise
Leap
Opensuse
Vendor
CVE Published:
13 March 2016

Summary

A vulnerability in Mozilla Firefox prior to version 45.0 allows remote attackers to bypass the Same Origin Policy, potentially enabling them to read Content Security Policy (CSP) violation reports. These reports may contain sensitive path information linked to IFRAME elements, thus posing a risk of unauthorized access to sensitive data. This manipulation of CSP reports can expose personal information and lead to further exploitation.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.