CVE-2016-9903 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-106 | firefox | 50.0.2-1 | 50.1.0-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 14 Dec 2016 | ASA-201612-15 | AVG-106 | firefox | Critical | multiple issues |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903 |