Mozilla Firefox CVE-2016-2817 Weak Authentication Vulnerability

Description

Security researcher Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. reported that the chrome.tabs.update API for web extensions allows navigation to javascript: URLs without additional permissions. This can be used to elevate privilege for a universal cross-site scripting (XSS) attack by a malicious web extension. It can also be used to inject content into other extensions if they load content within browser tabs.
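
The kind of scheme check whose absence is described above, written as an added example for code that forwards untrusted URLs to a tabs.update-style API; it is not Mozilla's fix and not code from the advisory. The names isNavigableUrl, guardedTabsUpdate and the tabsApi parameter are assumptions made for illustration, and the sample URLs are constructed.

```javascript
// Added example: allowlist the URL scheme before a tab navigation is requested.
// isNavigableUrl, guardedTabsUpdate and tabsApi are hypothetical names.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function isNavigableUrl(raw) {
  if (typeof raw !== "string") return false;
  let parsed;
  try {
    // The WHATWG URL parser strips leading/trailing spaces and control
    // characters, removes embedded tabs and newlines, and lowercases the
    // scheme, so " JavaScript:" and "java\tscript:" both parse as "javascript:".
    // Checking the parsed protocol avoids the gaps a string prefix test leaves.
    parsed = new URL(raw);
  } catch {
    return false; // relative or unparseable input is rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Wraps any object exposing update(tabId, props), e.g. an extension tabs API.
function guardedTabsUpdate(tabsApi, tabId, props) {
  if (props && "url" in props && !isNavigableUrl(props.url)) {
    throw new Error("refusing tab navigation to disallowed URL scheme");
  }
  return tabsApi.update(tabId, props);
}

// Constructed sample inputs, not taken from the advisory.
const SAMPLE_URLS = [
  "https://example.com/page",
  "javascript:alert(1)",
  " JavaScript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<b>x</b>",
  "/relative/path",
];

function classifySamples() {
  return SAMPLE_URLS.map((u) => isNavigableUrl(u));
}
```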

Affected Applications

Firefox

CVE References

CVE-2016-2817