CVE-2016-1948 in Mozilla Firefoxinfo

Summary

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme s images and colors by modifying the client-server data stream.

Reservation

01/19/2016

Disclosure

01/31/2016

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
80695	Mozilla Firefox Lightweight Theme cryptographic issue	310	Not defined	Official fix	CVE-2016-1948

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!