Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-379
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 45.5",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 50",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5289",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5289"
},
{
"name": "CVE-2016-9070",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9070"
},
{
"name": "CVE-2016-9067",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9067"
},
{
"name": "CVE-2016-9062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9062"
},
{
"name": "CVE-2016-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9071"
},
{
"name": "CVE-2016-5295",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5295"
},
{
"name": "CVE-2016-9064",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9064"
},
{
"name": "CVE-2016-5290",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5290"
},
{
"name": "CVE-2016-5291",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5291"
},
{
"name": "CVE-2016-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9075"
},
{
"name": "CVE-2016-5292",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5292"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2016-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9076"
},
{
"name": "CVE-2016-5293",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5293"
},
{
"name": "CVE-2016-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9072"
},
{
"name": "CVE-2016-5298",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5298"
},
{
"name": "CVE-2016-9068",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9068"
},
{
"name": "CVE-2016-5299",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5299"
},
{
"name": "CVE-2016-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9077"
},
{
"name": "CVE-2016-5297",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5297"
},
{
"name": "CVE-2016-5294",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5294"
},
{
"name": "CVE-2016-9061",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9061"
},
{
"name": "CVE-2016-5296",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5296"
},
{
"name": "CVE-2016-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9074"
},
{
"name": "CVE-2016-9066",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9066"
},
{
"name": "CVE-2016-9069",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9069"
},
{
"name": "CVE-2016-9073",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9073"
},
{
"name": "CVE-2016-9065",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9065"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-89 du 15 novembre 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"
}
],
"reference": "CERTFR-2016-AVI-379",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-11-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-89 du 15 novembre 2016",
"url": null
}
]
}
CVE-2016-5289 (GCVE-0-2016-5289)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Memory safety bugs fixed in Firefox 50
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94337 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053"
},
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 50",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053"
},
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 50"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053"
},
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5289",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5290 (GCVE-0-2016-5290)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3730 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2016-2825.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94335 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2780.html | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2825",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169"
},
{
"name": "94335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94335"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2825",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169"
},
{
"name": "94335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94335"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169"
},
{
"name": "94335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94335"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5290",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5291 (GCVE-0-2016-5291)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Same-origin policy violation using local HTML file and saved shortcut file
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3730 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1292159 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/94336 | vdb-entryx_refsource_BID |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2780.html | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:49.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Same-origin policy violation using local HTML file and saved shortcut file",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Same-origin policy violation using local HTML file and saved shortcut file"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94336"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5291",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:49.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5292 (GCVE-0-2016-5292)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
Severity ?
No CVSS data available.
CWE
- URL parsing causes crash
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94337 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1288482 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL parsing causes crash",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL parsing causes crash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5292",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5293 (GCVE-0-2016-5293)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1246945 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/94336 | vdb-entryx_refsource_BID |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246945"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When the Mozilla Updater is run, if the Updater\u0027s log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR \u003c 45.5 and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246945"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the Mozilla Updater is run, if the Updater\u0027s log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR \u003c 45.5 and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246945",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246945"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94336"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5293",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5294 (GCVE-0-2016-5294)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Arbitrary target directory for result files of update process
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1246972 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/94336 | vdb-entryx_refsource_BID |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:49.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246972"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary target directory for result files of update process",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246972"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary target directory for result files of update process"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246972",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1246972"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "94336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94336"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5294",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:49.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5295 (GCVE-0-2016-5295)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94337 | vdb-entryx_refsource_BID |
| https://www.mozilla.org/en-US/security/advisories… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1247239 | x_refsource_CONFIRM |
Impacted products
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247239",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5295",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5296 (GCVE-0-2016-5296)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Heap-buffer-overflow WRITE in rasterize_edges_1
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3730 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1292443 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2780.html | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94339 | vdb-entryx_refsource_BID |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
},
{
"name": "94339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-buffer-overflow WRITE in rasterize_edges_1",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
},
{
"name": "94339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-buffer-overflow WRITE in rasterize_edges_1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
},
{
"name": "94339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5296",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5297 (GCVE-0-2016-5297)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Incorrect argument length checking in JavaScript
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2016/dsa-3730 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201701-15 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1303678 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94336 | vdb-entryx_refsource_BID |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2780.html | vendor-advisoryx_refsource_REDHAT |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.5
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 50
(custom)
|
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect argument length checking in JavaScript",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"
},
{
"name": "94336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect argument length checking in JavaScript"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"
},
{
"name": "94336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94336"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-93/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-93/"
},
{
"name": "RHSA-2016:2780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-90/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-90/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5297",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5298 (GCVE-0-2016-5298)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
Severity ?
No CVSS data available.
CWE
- SSL indicator can mislead the user about the real URL visited
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94337 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1227538 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:49.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227538"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A mechanism where disruption of the loading of a new web page can cause the previous page\u0027s favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSL indicator can mislead the user about the real URL visited",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227538"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A mechanism where disruption of the loading of a new web page can cause the previous page\u0027s favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSL indicator can mislead the user about the real URL visited"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227538",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227538"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5298",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:49.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…