vulnerability
SUSE: CVE-2016-9901: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Dec 13, 2016 | Dec 19, 2016 | Jun 21, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 13, 2016
Added
Dec 19, 2016
Modified
Jun 21, 2021
Description
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Solutions
suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translationssuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-other
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.