CVE-2016-9901 log

Severity Medium
Remote Yes
Type Insufficient validation
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.
Group Package Affected Fixed Severity Status Ticket
AVG-106 firefox 50.0.2-1 50.1.0-1 Critical Fixed
Date Advisory Group Package Severity Type
14 Dec 2016 ASA-201612-15 AVG-106 firefox Critical multiple issues