AVG-72

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 49.0.2-1
Fixed 50.0-1
Current 58.0.2-1 [extra]
Ticket None
Created Wed Nov 16 09:25:55 2016
Issue Severity Remote Type Description
CVE-2016-9077 High Yes Information disclosure
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel,...
CVE-2016-9076 Medium Yes Content spoofing
An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be...
CVE-2016-9075 High Yes Privilege escalation
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows...
CVE-2016-9073 Medium Yes Sandbox escape
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
CVE-2016-9071 Low Yes Information disclosure
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
CVE-2016-9070 Medium Yes Same-origin policy bypass
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations...
CVE-2016-9068 High Yes Arbitrary code execution
A heap-use-after-free in nsRefreshDriver during web animations when working with timelines resulting in a potentially exploitable crash.
CVE-2016-9067 High Yes Arbitrary code execution
Two heap-use-after-free errors during DOM operations in nsINode::ReplaceOrInsertBefore resulting in potentially exploitable crashes.
CVE-2016-9066 High Yes Arbitrary code execution
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
CVE-2016-9064 High Yes Insufficient validation
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a...
CVE-2016-9063 Medium Yes Denial of service
An integer overflow vulnerability has been discovered during the parsing of XML using the Expat library.
CVE-2016-5297 High Yes Arbitrary code execution
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
CVE-2016-5296 Critical Yes Arbitrary code execution
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
CVE-2016-5292 High Yes Arbitrary code execution
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.
CVE-2016-5291 Medium No Same-origin policy bypass
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.
CVE-2016-5290 Critical Yes Arbitrary code execution
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup...
CVE-2016-5289 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and...
Date Advisory Package Description
16 Nov 2016 ASA-201611-16 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89