CVE-2016-1965
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.50%
Description
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
How to fix CVE-2016-1965
To remediate CVE-2016-1965, upgrade the affected package to the fixed version listed below.
- Debian/firefox-esr: upgrade to 45.0esr-1 or later
Is CVE-2016-1965 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 45.0esr-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |