CVE-2016-1954

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
13/03/2016
Last modified:
12/04/2025

Description

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 44.0.2 (including)
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 38.6.0 (including)


References to Advisories, Solutions, and Tools