PT-2016-2532 · Mozilla+3 · Firefox+3

Firace · Published 2016-08-02 · Updated 2024-12-12 · CVE-2016-5251

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 48.0
Description: Insufficient input validation in the browser allows a remote attacker to spoof the location bar by using special characters in the media type of a data: URL.
Recommendations: For versions prior to 48.0, update to version 48.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of data: URL types until a patch is applied. Avoid using special characters in the media type of a data: URL to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2016-1836
ALT-PU-2017-1578
BDU:2016-01923
CVE-2016-5251
OPENSUSE-SU-2016_1964-1
OPENSUSE-SU-2016_2026-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-3044-1

Affected products

Alt Linux
Firefox
Suse
Ubuntu