Vulnerability Description
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 50.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94337Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037298Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276976Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
- http://www.securityfocus.com/bid/94337Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037298Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276976Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
FAQ
What is CVE-2016-9076?
CVE-2016-9076 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnera...
How severe is CVE-2016-9076?
CVE-2016-9076 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9076?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.