| CVE-2016-9904 |
High |
Yes |
Information disclosure |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could... |
| CVE-2016-9903 |
Medium |
Yes |
Cross-site scripting |
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be... |
| CVE-2016-9902 |
Medium |
Yes |
Content spoofing |
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows... |
| CVE-2016-9901 |
Medium |
Yes |
Insufficient validation |
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved... |
| CVE-2016-9900 |
High |
Yes |
Information disclosure |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for... |
| CVE-2016-9899 |
Critical |
Yes |
Arbitrary code execution |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. |
| CVE-2016-9898 |
High |
No |
Arbitrary code execution |
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. |
| CVE-2016-9897 |
High |
Yes |
Arbitrary code execution |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. |
| CVE-2016-9896 |
Medium |
Yes |
Arbitrary code execution |
Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default. |
| CVE-2016-9895 |
High |
Yes |
Access restriction bypass |
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. |
| CVE-2016-9894 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially... |
| CVE-2016-9893 |
Critical |
Yes |
Arbitrary code execution |
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond... |
| CVE-2016-9080 |
Critical |
Yes |
Arbitrary code execution |
Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these... |