Your submission was sent successfully! Close

CVE-2016-2820

Published: 27 April 2016

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise
Released (46.0+build5-0ubuntu0.12.04.2)
trusty Does not exist
(trusty was released [46.0+build5-0ubuntu0.14.04.2])
upstream
Released (46.0)
wily
Released (46.0+build5-0ubuntu0.15.10.2)
xenial
Released (46.0+build5-0ubuntu0.16.04.2)
thunderbird
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

wily Not vulnerable

xenial Not vulnerable