Bug 983632 - (CVE-2016-2832) VUL-0: CVE-2016-2832: MozillaFirefox: Information disclosure of disabled plugins through CSS pseudo-classes (MFSA 2016-59)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169868/
Depends on:
Blocks: 983549
Reported: 2016-06-08 05:54 UTC by Marcus Meissner
Modified: 2020-04-05 18:21 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2016-06-08 05:54:50 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/


Mozilla Foundation Security Advisory 2016-59
Information disclosure of disabled plugins through CSS pseudo-classes

Announced
    June 7, 2016
Reporter
    John Schoenick
Impact
    Moderate
Products
    Firefox
Fixed in
    Firefox 47

Description

Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system, even when they are disabled.
Comment 1 Marcus Meissner 2016-06-08 06:26:59 UTC
CVE-2016-2832
Comment 2 Swamp Workflow Management 2016-06-08 22:00:16 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-06-11 12:12:08 UTC
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
Comment 4 Swamp Workflow Management 2016-06-11 20:08:32 UTC
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
Comment 5 Marcus Meissner 2016-08-17 05:49:44 UTC
released