CVE-2016-1949 - OpenCVE

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-02/msg00102.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00142.html
http://www.mozilla.org/security/announce/2016/mfsa2016-13.html	Vendor Advisory
http://www.securitytracker.com/id/1035007
http://www.ubuntu.com/usn/USN-2893-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1245724
https://security.gentoo.org/glsa/201605-06

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2016-02-13T02:00:00

Updated: 2016-12-02T20:57:01

Reserved: 2016-01-20T00:00:00

Link: CVE-2016-1949

JSON object: View

NVD Information

Status : Modified

Published: 2016-02-13T02:59:12.977

Modified: 2016-12-06T03:07:54.350

Link: CVE-2016-1949

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-02T20:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "1035007", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035007"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-13.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245724"}, {"name": "openSUSE-SU-2016:0553", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00142.html"}, {"name": "USN-2893-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2893-1"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "openSUSE-SU-2016:0489", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00102.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-1949", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035007", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035007"}, {"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-13.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-13.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245724", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245724"}, {"name": "openSUSE-SU-2016:0553", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00142.html"}, {"name": "USN-2893-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2893-1"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "openSUSE-SU-2016:0489", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00102.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-1949", "datePublished": "2016-02-13T02:00:00", "dateReserved": "2016-01-20T00:00:00", "dateUpdated": "2016-12-02T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6530D81C-68AB-45EE-A46F-20546F7F4407", "versionEndIncluding": "44.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file."}, {"lang": "es", "value": "Mozilla Firefox en versiones anteriores a 44.0.2 no restringe correctamente la interacci\u00f3n entre Service Workers y plugins, lo que permite a atacantes remotos eludir la Same Origin Policy a trav\u00e9s de un sitio web manipulado que desencadena respuestas suplantadas a las peticiones que utilizan NPAPI, seg\u00fan lo demostrado por una petici\u00f3n a un archivo crossdomain.xml."}], "id": "CVE-2016-1949", "lastModified": "2016-12-06T03:07:54.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-13T02:59:12.977", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00102.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00142.html"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-13.html"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1035007"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2893-1"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245724"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}