CVE-2016-9901 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.
Group Package Affected Fixed Severity Status Ticket
AVG-106 firefox 50.0.2-1 50.1.0-1 Critical Fixed
Date Advisory Group Package Severity Description
14 Dec 2016 ASA-201612-15 AVG-106 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9901