Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-5262

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

  • Published: Aug 5, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-5262
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mozilla / firefox - 47.0.1.x
mozilla / firefox_esr 45.1.1 45.1.1.x
mozilla / firefox_esr 45.1.0 45.1.0.x
mozilla / firefox_esr 45.2.0 45.2.0.x
mozilla / firefox_esr 45.3.0 45.3.0.x
oracle / linux 5.0 5.0.x
oracle / linux 6 6.x
oracle / linux 7 7.x