Bugzilla – Bug 983643
VUL-0: CVE-2016-2831: MozillaFirefox: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58)
Last modified: 2020-04-05 18:22:10 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/ Mozilla Foundation Security Advisory 2016-58 Entering fullscreen and persistent pointerlock without user permission Announced June 7, 2016 Reporter sushi Anton Larsson Impact High Products Firefox, Firefox ESR Fixed in Firefox 47 Firefox ESR 45.2 Description Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI. References mozRequestFullScreen + mozRequestPointerLock: bypassing pointer lock permission (CVE-2016-2831)
bugbot adjusting priority
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834 Sources used: openSUSE Leap 42.1 (src): MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1 openSUSE 13.2 (src): MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655 CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834 Sources used: openSUSE 13.1 (src): MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Server 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Server 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Desktop 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2 SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834 Sources used: SUSE OpenStack Cloud 5 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Manager Proxy 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Manager 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available. Category: security (important) Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809 CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2 SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
released