Lucene search
MozillaCVELIST:CVE-2016-9901HistoryJun 11, 2018 - 9:00 p.m.
CVE-2016-9901
2018-06-1121:00:00
mozilla
www.cve.org
5
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the “about:pocket-saved” (unprivileged) page, giving it access to Pocket’s messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
CNA Affected
[
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
rhn.redhat.com/errata/RHSA-2016-2946.html
rhn.redhat.com/errata/RHSA-2016-2973.html
www.securityfocus.com/bid/94885
www.securitytracker.com/id/1037461
bugzilla.mozilla.org/show_bug.cgi?id=1320057
security.gentoo.org/glsa/201701-15
www.mozilla.org/security/advisories/mfsa2016-94/
www.mozilla.org/security/advisories/mfsa2016-95/
Related
redhatcve
redhatcve
CVE-2016-9901
2016-12-14 04:47:39
veracode
veracode
Cross-site Scripting (XSS)
2019-05-02 05:51:34
alpinelinux
alpinelinux
CVE-2016-9901
2018-06-11 21:29:02
nvd
nvd
CVE-2016-9901
2018-06-11 21:29:02
cve
cve
CVE-2016-9901
2018-06-11 21:29:02
ubuntucve
ubuntucve
CVE-2016-9901
2016-12-13 00:00:00
debiancve
debiancve
CVE-2016-9901
2018-06-11 21:29:02
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
nessus
nessus
RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2973)
2016-12-21 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161221)
2016-12-21 00:00:00
Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2973)
2016-12-22 00:00:00
openvas
openvas
RedHat Update for thunderbird RHSA-2016:2973-01
2016-12-22 00:00:00
CentOS Update for thunderbird CESA-2016:2973 centos7
2016-12-22 00:00:00
CentOS Update for thunderbird CESA-2016:2973 centos6
2016-12-22 00:00:00
centos
centos
thunderbird security update
2016-12-21 13:43:24
firefox security update
2016-12-16 14:19:50
redhat
redhat
(RHSA-2016:2973) Important: thunderbird security update
2016-12-21 00:00:00
(RHSA-2016:2946) Critical: firefox security update
2016-12-14 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2016-12-21 00:00:00
firefox security update
2016-12-14 00:00:00
kaspersky
kaspersky
KLA10913 Multiple vulnerabilities in Mozilla Firefox ESR
2016-12-13 00:00:00
KLA10912 Multiple vulnerabilities in Mozilla Firefox
2016-12-13 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2016-12-21 20:08:23
Security update for MozillaFirefox (important)
2016-12-22 02:08:43
Security update for MozillaFirefox (important)
2016-12-22 02:08:15
debian
debian
[SECURITY] [DSA 3734-1] firefox-esr security update
2016-12-14 15:26:33
[SECURITY] [DLA 743-1] firefox-esr security update
2016-12-15 19:29:03
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.6 — Mozilla
2016-12-13 00:00:00
Security vulnerabilities fixed in Firefox 50.1 — Mozilla
2016-12-13 00:00:00
osv
osv
firefox-esr - security update
2016-12-15 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2016-12-15 23:33:35
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
ibm
ibm
ubuntu
ubuntu
Firefox vulnerabilities
2016-12-13 00:00:00
archlinux
archlinux
[ASA-201612-15] firefox: multiple issues
2016-12-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-12-13 00:00:00
gentoo
gentoo
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
2017-01-03 00:00:00