Security Features Affecting firefox-esr package, versions <45.2.0esr-1


0.0
high

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Scope Changed
    Availability High

    Threat Intelligence

    EPSS 1.44% (87th percentile)
Expand this section
NVD
8.8 high
Expand this section
Red Hat
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIANUNSTABLE-FIREFOXESR-354298
  • published 13 Jun 2016
  • disclosed 13 Jun 2016

How to fix?

Upgrade Debian:unstable firefox-esr to version 45.2.0esr-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox-esr package and not the firefox-esr package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.