UBUNTU-CVE-2016-5268

Details

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.

Affected Packages

Ubuntu:14.04:LTSfirefox

Affected versions:

24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+32 more

Fixed in:

48.0+build2-0ubuntu0.14.04.1

Ubuntu:16.04:LTSfirefox

Affected versions:

41.0.2+build2-0ubuntu142.0+build2-0ubuntu144.0+build3-0ubuntu244.0.1+build1-0ubuntu144.0.2+build1-0ubuntu145.0+build2-0ubuntu145.0.1+build1-0ubuntu145.0.2+build1-0ubuntu146.0+build5-0ubuntu0.16.04.246.0.1+build1-0ubuntu0.16.04.2+1 more

Fixed in:

48.0+build2-0ubuntu0.16.04.1

References

REPORThttps://bugzilla.mozilla.org/show_bug.cgi?id=1253673 REPORThttps://ubuntu.com/security/CVE-2016-5268 REPORThttps://ubuntu.com/security/notices/USN-3044-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2016-5268 REPORThttps://www.mozilla.org/en-US/security/advisories/mfsa2016-83/

UBUNTU-CVE-2016-5268

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline