Home

CVE-2016-1949

Description

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.179

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2016-1949 are affected in Mozilla Firefox 44.0.1Windows
Vulnerabilities CVE-2016-1949 are fixed in Update for Mozilla Firefox For Mac (44.0.2)Mac
Vulnerabilities CVE-2016-1949 are affected in Mozilla Firefox for Mac 44.0.1Mac
Mozilla Open Source web browser (USN-2880-2) firefox_44.0.2+build1-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2880-2) firefox_44.0.2+build1-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2893-1) firefox_44.0.2+build1-0ubuntu0.15.10.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234