CVE-2016-5262 in Firefoxinfo

Summary

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

ID	Vulnerability	CWE	Exp	Cou	CVE
90439	Mozilla Firefox Marquee Tag cross site scripting	79	Not defined	Official fix	CVE-2016-5262

Reservation

06/03/2016

Disclosure

08/04/2016

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5262
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5262
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5262/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!