Description
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
Release | Status | Note |
---|---|---|
devel | released | 50.1.0+build2-0ubuntu1 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [50.1.0+build2-0ubuntu0.14.04.1]] |
precise | released | 50.1.0+build2-0ubuntu0.12.04.1 |
trusty | released | 50.1.0+build2-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [50.1.0+build2-0ubuntu0.14.04.1] |
upstream | released | released 50.1.0 |
vivid/stable-phone-overlay | DNE | |
vivid/ubuntu-core | DNE | |
xenial | released | 50.1.0+build2-0ubuntu0.16.04.1 |
yakkety | released | 50.1.0+build2-0ubuntu0.16.10.1 |
Release | Status | Note |
---|---|---|
devel | not-affected | |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
precise | not-affected | |
trusty | not-affected | |
trusty/esm | DNE | trusty was not-affected |
upstream | not-affected | |
vivid/stable-phone-overlay | DNE | |
vivid/ubuntu-core | DNE | |
xenial | not-affected | |
yakkety | not-affected | |
CVSS2: 7.5 High
CVSS3: 9.8 Critical