CVE-2016-9076: Input Validation
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
Other sources
An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9063
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
Frequently Asked Questions
What is CVE-2016-9076?
CVE-2016-9076 is a vulnerability in Firefox versions prior to 50, where a <select> dropdown menu can be used to cover location bar content, potentially leading to spoofing attacks.
How can CVE-2016-9076 be exploited?
CVE-2016-9076 can be exploited by using a <select> dropdown menu to cover the location bar content in Firefox when e10s (Electrolysis) is enabled.
What is the severity rating of CVE-2016-9076?
The severity rating of CVE-2016-9076 is medium, with a severity value of 5.9.
Which versions of Firefox are affected by CVE-2016-9076?
Firefox versions prior to 50 are affected by CVE-2016-9076.
How can I fix CVE-2016-9076?
To fix CVE-2016-9076, it is recommended to update Firefox to version 50 or above.