Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9904

Опубликовано: 14 дек. 2016
Источник: redhat
CVSS3: 7.5
CVSS2: 4.3
EPSS Низкий

Описание

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 5firefoxFixedRHSA-2016:294614.12.2016
Red Hat Enterprise Linux 6firefoxFixedRHSA-2016:294614.12.2016
Red Hat Enterprise Linux 7firefoxFixedRHSA-2016:294614.12.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1404091Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)

EPSS

Процентиль: 79%
0.01255
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9904

CVSS3: 7.5
ubuntu
больше 7 лет назад

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

nvd логотип

CVE-2016-9904

CVSS3: 7.5
nvd
больше 7 лет назад

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

debian логотип

CVE-2016-9904

CVSS3: 7.5
debian
больше 7 лет назад

An attacker could use a JavaScript Map/Set timing attack to determine ...

github логотип

GHSA-h92w-5p82-frc3

CVSS3: 7.5
github
больше 3 лет назад

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

suse-cvrf логотип

SUSE-SU-2016:3223-1

suse-cvrf
почти 9 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 79%
0.01255
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2