admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-28xx/CVE-2016-2820.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

137 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-2820",
"sourceIdentifier": "security@mozilla.org",
"published": "2016-04-30T17:59:15.773",
"lastModified": "2017-07-01T01:29:40.983",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element."
},
{
"lang": "es",
"value": "La funcionalidad Firefox Health Reports (tambi\u00e9n conocida como FHR o about:healthreport) en Mozilla Firefox en versiones anteriores a 46.0 no restringe adecuadamente el origen de eventos, lo que facilita a atacantes remotos modificar preferencias de compartici\u00f3n aprovechando acceso al elemento IFRAME remote-report."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndIncluding": "45.0.2",
"matchCriteriaId": "97000851-C511-487E-A5E8-FCB173D76624"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html",
"source": "security@mozilla.org"
},
{
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-48.html",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securitytracker.com/id/1035692",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2936-1",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2936-2",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2936-3",
"source": "security@mozilla.org"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=870870",
"source": "security@mozilla.org"
},
{
"url": "https://security.gentoo.org/glsa/201701-15",
"source": "security@mozilla.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink