{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "44.0.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.0.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.1.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.2.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.2.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.3.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.5.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "38.6.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "13.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7" } ] } ] } } ], "details": "Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.", "id": "CVE-2016-1965", "modified": "2026-03-15T21:45:07.587291676Z", "published": "2016-03-13T18:59:14.553Z", "references": [ { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1035215" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" }, { "type": "ADVISORY", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-28.html" }, { "type": "ADVISORY", "url": "http://www.ubuntu.com/usn/USN-2917-2" }, { "type": "ADVISORY", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" }, { "type": "ADVISORY", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "type": "ADVISORY", "url": "http://www.ubuntu.com/usn/USN-2917-1" }, { "type": "ADVISORY", "url": "https://security.gentoo.org/glsa/201605-06" }, { "type": "ADVISORY", "url": "http://www.debian.org/security/2016/dsa-3510" }, { "type": "ADVISORY", "url": "http://www.ubuntu.com/usn/USN-2917-3" }, { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245264" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ] }