1. Home
  2. CVE Database
  3. CVE-2016-2822
MEDIUM · 6.5

CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

Vulnerability Description

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
DebianDebian Linux8.0
MozillaFirefox45.1.0
CanonicalUbuntu Linux12.04
OpensuseLeap42.1
OpensuseOpensuse13.1

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2016-2822?

CVE-2016-2822 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

How severe is CVE-2016-2822?

CVE-2016-2822 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2822?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Mozilla Firefox, Canonical Ubuntu Linux, Opensuse Leap, Opensuse Opensuse.