CVE-2016-1942

Published: Jan 31, 2016Modified: May 6, 2026

7.4

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

Affected (4)

Products: Opensuse: Leap, Opensuse · Mozilla: Firefox

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 43.0.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-09.html

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/81948

Source: security@mozilla.org

http://www.securitytracker.com/id/1034825

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2880-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2880-2

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1189082

Source: security@mozilla.org

https://security.gentoo.org/glsa/201605-06

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html