vulnerability
FreeBSD: VID-512C0FFD-CD39-4DA4-B2DC-81FF4BA8E238 (CVE-2016-9901): mozilla -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Dec 13, 2016 | Dec 14, 2016 | Aug 17, 2018 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 13, 2016
Added
Dec 14, 2016
Modified
Aug 17, 2018
Description
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Solutions
freebsd-upgrade-package-firefoxfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-libxulfreebsd-upgrade-package-linux-firefoxfreebsd-upgrade-package-linux-seamonkeyfreebsd-upgrade-package-linux-thunderbirdfreebsd-upgrade-package-seamonkeyfreebsd-upgrade-package-thunderbird
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.