Bug 983644 (CVE-2016-2829) - VUL-0: CVE-2016-2829: MozillaFirefox: Incorrect icon displayed on permissions notifications (MFSA 2016-57)
Status: RESOLVED FIXED
Alias: CVE-2016-2829
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Petr Cerny
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 983549
Reported: 2016-06-08 06:29 UTC by Marcus Meissner
Modified: 2020-04-05 18:22 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2016-06-08 06:29:32 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/


Mozilla Foundation Security Advisory 2016-57
Incorrect icon displayed on permissions notifications

Announced
    June 7, 2016
Reporter
    Tim McCormack
Impact
    Low
Products
    Firefox
Fixed in
    Firefox 47

Description

Security researcher Tim McCormack reported that when a page requests a series of permissions in a short timespan, the resulting permission notifications can show the icon for the wrong permission request. This can lead to user confusion and inadvertent consent given when a user is prompted by web content to give permissions, such as for geolocation or microphone access.
References

    Requesting permissions in short succession can lead to the microphone icon displayed for an unrelated notification (CVE-2016-2829)
Comment 1 Swamp Workflow Management 2016-06-08 22:00:57 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-06-11 12:13:08 UTC
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
Comment 3 Swamp Workflow Management 2016-06-11 20:09:12 UTC
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
Comment 4 Marcus Meissner 2016-08-17 05:50:25 UTC
released