CVE-2016-1948

Description

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a themes images and colors by modifying the client-server data stream.

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.219

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (44.0)	Windows
Update for Mozilla Firefox x64 (44.0)	Windows
Update for Mozilla Firefox (44.0.1)	Windows
Update for Mozilla Firefox x64 (44.0.1)	Windows
Update for Mozilla Firefox (44.0.2)	Windows
Update for Mozilla Firefox x64 (44.0.2)	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 43.0.4	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 43.0.4	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-302195	Update for Mozilla Firefox (44.0)
PATCH-302196	Update for Mozilla Firefox x64 (44.0)
PATCH-302198	Update for Mozilla Firefox x64 (44.0.1)
PATCH-302199	Update for Mozilla Firefox (44.0.2)
PATCH-302200	Update for Mozilla Firefox x64 (44.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234