---

CVE-2016-9064 - log back

CVE-2016-9064 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Insufficient validation
Description	+ Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9064
Notes