CVE-2016-9903 log

Severity Medium
Remote Yes
Type Cross-site scripting
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.
Group Package Affected Fixed Severity Status Ticket
AVG-106 firefox 50.0.2-1 50.1.0-1 Critical Fixed
Date Advisory Group Package Severity Type
14 Dec 2016 ASA-201612-15 AVG-106 firefox Critical multiple issues