vulnerability
SUSE: CVE-2016-9901: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Dec 13, 2016 | Dec 19, 2016 | Jun 21, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Dec 13, 2016
Added
Dec 19, 2016
Modified
Jun 21, 2021
Description
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Solutions
suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translationssuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-other
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.