CVSS2 : 7.5 High
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Authentication : NONE
  Confidentiality Impact : PARTIAL
  Integrity Impact : PARTIAL
  Availability Impact : PARTIAL
  Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3 : 9.8 High
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Privileges Required : NONE
  User Interaction : NONE
  Scope : UNCHANGED
  Confidentiality Impact : HIGH
  Integrity Impact : HIGH
  Availability Impact : HIGH
  Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS : 0.011 Low
  Percentile : 84.3%
Severity: Critical
Date : 2016-11-16
CVE-ID : CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292
CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064
CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9070
CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076
CVE-2016-9077
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package firefox before version 50.0-1 is vulnerable to multiple
issues including arbitrary code execution, information disclosure,
insufficient validation, privilege escalation, content spoofing,
same-origin policy bypass and sandbox escape.

Upgrade to 50.0-1.
The problems have been fixed upstream in version 50.0.

Workaround: None.

Mozilla developers and community members Christian Holler, Andrew
McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey,
Jesse Ruderman, and Markus Stange reported memory safety bugs present
in Firefox 49. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could be
exploited to run arbitrary code.

Mozilla developers and community members Olli Pettay, Christian Holler,
Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and
Randell Jesup reported memory safety bugs present in Firefox 49 and
Firefox ESR 45.4. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these
could be exploited to run arbitrary code.

A same-origin policy bypass with local shortcut files to load arbitrary
local content from disk.

During URL parsing, a maliciously crafted URL can cause a potentially
exploitable crash.

A heap-buffer-overflow in Cairo when processing SVG content caused by
compiler optimization, resulting in a potentially exploitable crash.

An error in argument length checking in JavaScript, leading to
potential integer overflows or other bounds checking issues.

An integer overflow during the parsing of XML using the Expat library.

Add-on updates failed to verify that the add-on ID inside the signed
package matched the ID of the add-on being updated. An attacker who
could perform a man-in-the-middle attack on the user’s connection to
the update server and defeat the certificate pinning protection could
provide a malicious signed add-on instead of a valid update.
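
An added example, not code from Mozilla or Arch Linux, showing the check the add-on update issue above was missing: once the package signature verifies, the signed ID must also equal the ID of the add-on being updated. The package format, the HMAC stand-in for the real signing scheme, and all names and IDs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the add-on signing key. Real packages are signed
# with certificates; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"constructed-demo-signing-key"


def sign_package(addon_id: str, version: str, code: str) -> dict:
    """Build a signed package (hypothetical format: JSON manifest + MAC)."""
    manifest = json.dumps({"id": addon_id, "version": version, "code": code},
                          sort_keys=True)
    mac = hmac.new(SIGNING_KEY, manifest.encode(), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "signature": mac}


def signature_valid(package: dict) -> bool:
    expected = hmac.new(SIGNING_KEY, package["manifest"].encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, package["signature"])


def accept_update_unchecked(installed_id: str, package: dict) -> bool:
    """Flawed logic as described: a valid signature alone is accepted."""
    return signature_valid(package)  # installed_id is never compared


def accept_update(installed_id: str, package: dict) -> bool:
    """Hardened logic: the signed ID must match the add-on being updated."""
    if not signature_valid(package):
        return False
    signed_id = json.loads(package["manifest"]).get("id")
    return signed_id == installed_id


# Constructed sample data: two validly signed packages and one altered copy.
genuine = sign_package("notes@example.invalid", "2.0", "notes v2")
other = sign_package("other@example.invalid", "1.0", "unrelated add-on")
tampered = dict(genuine, manifest=genuine["manifest"].replace("2.0", "9.9"))

if __name__ == "__main__":
    installed = "notes@example.invalid"
    for name, pkg in [("genuine", genuine), ("other", other), ("tampered", tampered)]:
        print(name, accept_update_unchecked(installed, pkg), accept_update(installed, pkg))
```

The signature check alone catches the altered package but not the validly signed package for a different add-on; only the ID comparison rejects that one.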

A buffer overflow resulting in a potentially exploitable crash due to
memory allocation issues when handling large amounts of incoming data.

Two heap-use-after-free errors during DOM operations in
nsINode::ReplaceOrInsertBefore resulting in potentially exploitable
crashes.

A heap-use-after-free in nsRefreshDriver during web animations when
working with timelines resulting in a potentially exploitable crash.

A maliciously crafted page loaded to the sidebar through a bookmark can
reference a privileged chrome window and engage in limited JavaScript
operations violating cross-origin protections.

Content Security Policy combined with HTTP to HTTPS redirection can be
used by a malicious server to verify whether a known site is within a
user’s browser history.

WebExtensions can bypass security checks to load privileged URLs and
potentially escape the WebExtension sandbox.

An issue where WebExtensions can use the mozAddonManager API to elevate
privilege due to privileged pages being allowed in the permissions
list. This allows a malicious extension to then install additional
extensions without explicit user permission.

An issue where a <select> dropdown menu can be used to cover location
bar content, resulting in potential spoofing attacks. This attack
requires e10s to be enabled in order to function.

Canvas allows the use of the feDisplacementMap filter on images loaded
cross-origin. The rendering by the filter is variable depending on the
input pixel, allowing for timing attacks when the images are loaded
from third party locations.

A remote attacker is able to execute arbitrary code, disclose sensitive
information, escape the WebExtension sandbox, spoof content and bypass
the same-origin policy via various vectors.

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5289
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5290
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5291
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5292
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5296
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-5297
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9064
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9066
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9067
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9068
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9070
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9071
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9073
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9075
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9076
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9077
https://vulners.com/cve/CVE-2016-5289
https://vulners.com/cve/CVE-2016-5290
https://vulners.com/cve/CVE-2016-5291
https://vulners.com/cve/CVE-2016-5292
https://vulners.com/cve/CVE-2016-5296
https://vulners.com/cve/CVE-2016-5297
https://vulners.com/cve/CVE-2016-9063
https://vulners.com/cve/CVE-2016-9064
https://vulners.com/cve/CVE-2016-9066
https://vulners.com/cve/CVE-2016-9067
https://vulners.com/cve/CVE-2016-9068
https://vulners.com/cve/CVE-2016-9070
https://vulners.com/cve/CVE-2016-9071
https://vulners.com/cve/CVE-2016-9073
https://vulners.com/cve/CVE-2016-9075
https://vulners.com/cve/CVE-2016-9076
https://vulners.com/cve/CVE-2016-9077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9077