CVE-2016-1965

medium

Published 2016-03-13 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

4.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.3

Description

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

Predictions

Exploit likelihood

53%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2016-1965 NameCVE-2016-1965 DescriptionMozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu,…

CVE-2016-1965

Name	CVE-2016-1965
Description	Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-3510-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	151.0.3-1	fixed
firefox-esr (PTS)	bullseye	115.14.0esr-1~deb11u1	fixed
	bullseye (security)	140.11.0esr-1~deb11u1	fixed
	bookworm	140.10.2esr-1~deb12u1	fixed
	bookworm (security)	140.11.0esr-1~deb12u1	fixed
	trixie	140.10.2esr-1~deb13u1	fixed
	trixie (security)	140.11.0esr-1~deb13u1	fixed
	forky, sid	140.11.0esr-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
firefox	source	(unstable)	45.0-1
firefox-esr	source	(unstable)	45.0esr-1
iceweasel	source	wheezy	38.7.0esr-1~deb7u1	DSA-3510-1
iceweasel	source	jessie	38.7.0esr-1~deb8u1	DSA-3510-1
iceweasel	source	(unstable)	(unfixed)

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
13.1	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`45.0esr-1`
sid	Fixed	`45.0-1`
forky	Fixed	`45.0esr-1`
bullseye	Fixed	`45.0esr-1`
bookworm	Fixed	`45.0esr-1`

Application impact

Vendor	Product	Versions
mozilla	firefox	`{"endIncluding":"44.0.2"}`
mozilla	firefox	`38.0`
mozilla	firefox	`38.0.1`
mozilla	firefox	`38.0.5`
mozilla	firefox	`38.1.0`
mozilla	firefox	`38.1.1`
mozilla	firefox	`38.2.0`
mozilla	firefox	`38.2.1`
mozilla	firefox	`38.3.0`
mozilla	firefox	`38.4.0`
mozilla	firefox	`38.5.0`
mozilla	firefox	`38.5.1`
mozilla	firefox	`38.6.0`
mozilla	firefox	`38.6.1`

References

CWEs

CWE-254

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.