PT-2016-1463 · Mozilla+5 · Firefox Esr+6

Nicolas Golubovic

·

Publicado

2016-03-08

·

Atualizado

2024-12-12

·

CVE-2016-1954

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7
Description The issue is related to the nsCSPContext::SendReports function, which does not prevent the use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. This allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
Recommendations For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR versions prior to 38.7, update to version 38.7 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2016-1250
ALT-PU-2016-1277
ALT-PU-2016-1454
BDU:2016-00764
CESA-2016_0373
CESA-2016_0460
CVE-2016-1954
DSA-3510-1
DSA-3520-1
MGASA-2016-0105
MGASA-2016-0115
OPENSUSE-SU-2016:1769-1
OPENSUSE-SU-2016:1778-1
OPENSUSE-SU-2016_0731-1
OPENSUSE-SU-2016_0733-1
OPENSUSE-SU-2016_0876-1
OPENSUSE-SU-2016_0894-1
OPENSUSE-SU-2016_1767-1
OPENSUSE-SU-2016_1778-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2016:0373
RHSA-2016:0460
RHSA-2016_0373
RHSA-2016_0460
SUSE-SU-2016:0727-1
SUSE-SU-2016:0777-1
SUSE-SU-2016:0909-1
USN-2917-1
USN-2917-2
USN-2917-3
USN-2934-1

Produtos afetados

Alt Linux
Centos
Firefox Esr
Firefox
Red Hat
Suse
Ubuntu