CVE-2016-9061

HIGH Year: 2016
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-275
View all →

Vulnerability Description

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

Related Vulnerabilities

CVE-2014-1631

HIGH
CVSS:7.5(High)

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.

CWE-2752014

CVE-2015-7781

HIGH
CVSS:7.5(High)

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

CWE-2752015

CVE-2016-5299

HIGH
CVSS:7.5(High)

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android...

CWE-2752016

CVE-2016-7988

HIGH
CVSS:7.5(High)

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configura...

CWE-2752016

CVE-2017-17876

HIGH
CVSS:7.5(High)

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.

CWE-2752017

CVE-2021-1437

HIGH
CVSS:7.5(High)

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected de...

CWE-2752021