CVE-2016-1640

MEDIUM Year: 2016
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-17
View all →

Vulnerability Description

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.

Related Vulnerabilities

CVE-2020-3222

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vul...

CWE-172020

CVE-2016-1943

MEDIUM
CVSS:4.7(Medium)

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

CWE-172016

CVE-2016-2314

MEDIUM
CVSS:4.9(Medium)

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to creat...

CWE-172016

CVE-2015-4941

MEDIUM
CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.

CWE-172015

CVE-2015-4943

MEDIUM
CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-201...

CWE-172015

CVE-2016-1940

MEDIUM
CVSS:5.3(Medium)

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

CWE-172016