UBUNTU-CVE-2016-5265

Details

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.

Affected Packages

Ubuntu:14.04:LTSfirefox

Affected versions:

24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+32 more

Fixed in:

48.0+build2-0ubuntu0.14.04.1

Ubuntu:16.04:LTSfirefox

Affected versions:

41.0.2+build2-0ubuntu142.0+build2-0ubuntu144.0+build3-0ubuntu244.0.1+build1-0ubuntu144.0.2+build1-0ubuntu145.0+build2-0ubuntu145.0.1+build1-0ubuntu145.0.2+build1-0ubuntu146.0+build5-0ubuntu0.16.04.246.0.1+build1-0ubuntu0.16.04.2+1 more

Fixed in:

48.0+build2-0ubuntu0.16.04.1

References

REPORThttps://bugzilla.mozilla.org/show_bug.cgi?id=1278013 REPORThttps://ubuntu.com/security/CVE-2016-5265 REPORThttps://ubuntu.com/security/notices/USN-3044-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2016-5265 REPORThttps://www.mozilla.org/en-US/security/advisories/mfsa2016-80/

UBUNTU-CVE-2016-5265

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline