1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
PublicDateAtUSN: 2016-08-03
Candidate: CVE-2016-5265
PublicDate: 2016-08-04
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://bugzilla.mozilla.org/show_bug.cgi?id=1278013
http://www.ubuntu.com/usn/usn-3044-1
Description:
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow
user-assisted remote attackers to bypass the Same Origin Policy, and
conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging
for the presence of a crafted HTML document and a crafted shortcut file in
the same local directory.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Abdulrahman Alqabandi
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (48)
precise_firefox: released (48.0+build2-0ubuntu0.12.04.1)
trusty_firefox: released (48.0+build2-0ubuntu0.14.04.1)
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
xenial_firefox: released (48.0+build2-0ubuntu0.16.04.1)
devel_firefox: not-affected (48.0+build2-0ubuntu1)
Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: not-affected
precise_thunderbird: not-affected
trusty_thunderbird: not-affected
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
xenial_thunderbird: not-affected
devel_thunderbird: not-affected
|