CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
mozillafirefox
𝑥
≤ 43.0.4
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
wily
Fixed 44.0+build3-0ubuntu0.15.10.1
released
vivid
Fixed 44.0+build3-0ubuntu0.15.04.1
released
trusty
Fixed 44.0+build3-0ubuntu0.14.04.1
released
precise
Fixed 44.0+build3-0ubuntu0.12.04.1
released
thunderbird
wily
not-affected
vivid
not-affected
trusty
dne
precise
not-affected