CVE-2016-9902 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Content spoofing
Description	The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-106	firefox	50.0.2-1	50.1.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
14 Dec 2016	ASA-201612-15	AVG-106	firefox	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9902