AVG-106

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 50.0.2-1
Fixed 50.1.0-1
Current 58.0.2-1 [extra]
Ticket None
Created Wed Dec 14 08:54:00 2016
Issue Severity Remote Type Description
CVE-2016-9904 High Yes Information disclosure
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could...
CVE-2016-9903 Medium Yes Cross-site scripting
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be...
CVE-2016-9902 Medium Yes Content spoofing
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows...
CVE-2016-9901 Medium Yes Insufficient validation
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved...
CVE-2016-9900 High Yes Information disclosure
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for...
CVE-2016-9899 Critical Yes Arbitrary code execution
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
CVE-2016-9898 High No Arbitrary code execution
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
CVE-2016-9897 High Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
CVE-2016-9896 Medium Yes Arbitrary code execution
Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default.
CVE-2016-9895 High Yes Access restriction bypass
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
CVE-2016-9894 Critical Yes Arbitrary code execution
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially...
CVE-2016-9893 Critical Yes Arbitrary code execution
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond...
CVE-2016-9080 Critical Yes Arbitrary code execution
Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these...
Date Advisory Package Description
14 Dec 2016 ASA-201612-15 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/