CVE-2016-1965

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

Published: Mar 13, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1965
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
mozilla / firefox_esr	38.0	38.0.x
mozilla / firefox_esr	38.2.1	38.2.1.x
mozilla / firefox_esr	38.1.0	38.1.0.x
mozilla / firefox_esr	38.2.0	38.2.0.x
mozilla / firefox_esr	38.6.1	38.6.1.x
mozilla / firefox_esr	38.4.0	38.4.0.x
mozilla / firefox_esr	38.3.0	38.3.0.x
mozilla / firefox_esr	38.5.1	38.5.1.x
mozilla / firefox_esr	38.0.5	38.0.5.x
mozilla / firefox_esr	38.0.1	38.0.1.x
mozilla / firefox_esr	38.5.0	38.5.0.x
mozilla / firefox_esr	38.6.0	38.6.0.x
mozilla / firefox_esr	38.1.1	38.1.1.x
mozilla / firefox	-	44.0.2.x
opensuse / opensuse	13.1	13.1.x
oracle / linux	5.0	5.0.x
oracle / linux	6	6.x
oracle / linux	7	7.x

Vulnerability Database

289,689

CVE-2016-1965