Bugzilla – Bug 983652
VUL-0: CVE-2016-2822: MozillaFirefox: Addressbar spoofing though the SELECT element (MFSA 2016-52)
Last modified: 2020-04-05 18:22:26 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/ Mozilla Foundation Security Advisory 2016-52 Addressbar spoofing though the SELECT element Announced June 7, 2016 Reporter Jordi Chancel Impact Moderate Products Firefox, Firefox ESR Fixed in Firefox 47 Firefox ESR 45.2 Description Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site. References Firefox Navigation from a page with an active dropdown menu can be used for spoofing (CVE-2016-2822)
This is an autogenerated message for OBS integration: This bug (983652) was mentioned in https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox
bugbot adjusting priority
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834 Sources used: openSUSE Leap 42.1 (src): MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1 openSUSE 13.2 (src): MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655 CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834 Sources used: openSUSE 13.1 (src): MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Server 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Server 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Desktop 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834 Sources used: SUSE OpenStack Cloud 5 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Manager Proxy 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Manager 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available. Category: security (important) Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2 SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
released