Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9895

Опубликовано: 14 дек. 2016
Источник: redhat
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1404086Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)

EPSS

Процентиль: 71%
0.00709
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9895

CVSS3: 6.1
ubuntu
больше 7 лет назад

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

nvd логотип

CVE-2016-9895

CVSS3: 6.1
nvd
больше 7 лет назад

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

debian логотип

CVE-2016-9895

CVSS3: 6.1
debian
больше 7 лет назад

Event handlers on "marquee" elements were executed despite a strict Co ...

github логотип

GHSA-q8q4-9m7f-q3rp

CVSS3: 6.1
github
больше 3 лет назад

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

oracle-oval логотип

ELSA-2016-2973

oracle-oval
почти 9 лет назад

ELSA-2016-2973: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 71%
0.00709
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2